Lab 3.3 - Testing

In this section you will test how HTTP connector can influence policy changes dynamically as conditions change in the network .

Task - Access basic-iap.acme.com

  1. From the jump box open Chrome and open Developer Tools

    image21

  2. Ensure Disable Cache is checked

    image22

  3. Access the site https://basic-iap.acme.com

  4. Login with the Username: user2 and Password: user2

    image23

  5. Enter the PIN 123456 for RADIUS authentication

    image24

  6. You will be presented the website

    image25

  7. From a separate browser tab access the BIG-IP management interface https://10.1.1.4

  8. Navigate to Access >> Overview >> Active Sessions

    image26

  9. You will see an active session for user2.

  10. Expand the session to see all the sub-sessions by clicking the + (Plus symbol) to the left of the session ID.

    Note

    Your session ID will not match the one displayed in the screenshot below.

    image27

  11. Click View to the right of the HTTP Connector request get-user-status to see the sub-session variables.

    image28

  12. You will notice that HTTP Connector received multiple values back in the response and each JSON key was parsed to individual subsession variables.

  13. userAccountControl is currently set to 66048. Which mean the account is enabled and the password never expires.

    image29

  14. Click Cancel

  15. Expand the session to see all the sub-sessions by clicking the + (Plus Symbol) to the left of the session ID.

    Note

    You session ID will not match the one displayed in the screenshot below.

    image27

  16. If the HTTP Connector sub-session still exists check off that specific sub-session only and click Kill Selected Sessions

    Note

    You are doing this to speed up the process and bypass the typical timers associated with HTTP Connector. This will enable you to see HTTP Connector trigger immediately on the next HTTP request sent from the jump box.

    image30

  17. Locate Disable User 2 Powershell script shortcut located on the desktop.

    image31

  18. Click the Disable User 2 Powershell script. A Powershell window will appear disabling the User2 account is Disabled.

    image32

  19. Return to your existing https://basic-iap.acme.com session.

  20. Click on one of the links for the website. You will receive a Deny Page.

    image33

  21. If you return to the sub-session variables screen in BIG-IP you will see UserAccountControl was 66050.

    image34