Hi Stanislas,
We are planning to use authentication using OAuth to Azure AD. We would need to use ACLs at a later point, but that might get too complicated, as we would be looking to invoke the match conditions using expressions for multiple user groups to be sent over to different ACLs, which would be too many, and it also gets too complicated to look for users in multiple groups to be allowed to both or more than two ACLs. (We would need custom expressions looking for a match of more than 1 user group ID and maybe combine ACLs as their assignment.)
This is why we wanted to look at simple branching rules based on 2 checks for each branch: first the path, and next the specific user group ID allowed to access that path.
I have tried the expression with session.server.landinguri but still could not get a match to the rule. I am not using any authentication at this point for the purpose of testing this. This is what the logs show.
/Common/AzureADB2BforInternalApps:Common:fdc12271: AccessPolicyProcessor/AccessPolicy.cpp: 'execute()': 658: Rule to evaluate = "expr {[mcget {session.server.landinguri}] contains "/soandso1/abc/" && [mcget {session.oauth.client./Common/AzureADB2BforInternalApps_act_oauth_client_ag.id_token.groups}] contains "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx"}"
/Common/AzureADB2BforInternalApps:Common:fdc12271: ./AccessPolicyProcessor/Session.h: 'getSessionVar()': 610: variable "session.server.landinguri" was not found in the local cache for session "fdc12271"
/Common/AzureADB2BforInternalApps:Common:fdc12271: ./AccessPolicyProcessor/Session.h: 'getSessionVar()': 617: try to get it from MEMCACHED
/Common/AzureADB2BforInternalApps:Common:fdc12271: ./AccessPolicyProcessor/Session.h: 'getSessionVar()': 639: variable found, let's add it to the local cache "session.server.landinguri"="/soandso1/abc/"(length=28)
/Common/AzureADB2BforInternalApps:Common:fdc12271: ./AccessPolicyProcessor/Session.h: 'getSessionVar()': 610: variable "session.oauth.client./Common/AzureADB2BforInternalApps_act_oauth_client_ag.id_token.groups" was not found in the local cache for session "fdc12271"
/Common/AzureADB2BforInternalApps:Common:fdc12271: ./AccessPolicyProcessor/Session.h: 'getSessionVar()': 617: try to get it from MEMCACHED
/Common/AzureADB2BforInternalApps:Common:fdc12271: ./AccessPolicyProcessor/Session.h: 'getSessionVar()': 625: variable "session.oauth.client./Common/AzureADB2BforInternalApps_act_oauth_client_ag.id_token.groups" for session "fdc12271" was not found in MEMCACHED
/Common/AzureADB2BforInternalApps:Common:fdc12271: AccessPolicyProcessor/AccessPolicy.cpp: 'execute()': 658: Rule to evaluate = ""
/Common/AzureADB2BforInternalApps:Common:fdc12271: Following rule 'fallback' from item 'Advanced Resource Assign(1)' to ending 'Deny
/Common/AzureADB2BforInternalApps:Common:fdc12271: Access policy result: Logon_Deny
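
Added example, not part of the original post and not F5 code: a small Python triage script that reads APM debug lines like those quoted above and reports which session variables a branch rule reads through mcget but the session never held, along with the branch the policy then followed. The function name and report fields are assumptions for illustration; the log lines are copied from the post.

```python
import re

# Lines copied from the APM debug log in the post above (session fdc12271).
SAMPLE_LOG = r"""
/Common/AzureADB2BforInternalApps:Common:fdc12271: AccessPolicyProcessor/AccessPolicy.cpp: 'execute()': 658: Rule to evaluate = "expr {[mcget {session.server.landinguri}] contains "/soandso1/abc/" && [mcget {session.oauth.client./Common/AzureADB2BforInternalApps_act_oauth_client_ag.id_token.groups}] contains "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx"}"
/Common/AzureADB2BforInternalApps:Common:fdc12271: ./AccessPolicyProcessor/Session.h: 'getSessionVar()': 639: variable found, let's add it to the local cache "session.server.landinguri"="/soandso1/abc/"(length=28)
/Common/AzureADB2BforInternalApps:Common:fdc12271: ./AccessPolicyProcessor/Session.h: 'getSessionVar()': 625: variable "session.oauth.client./Common/AzureADB2BforInternalApps_act_oauth_client_ag.id_token.groups" for session "fdc12271" was not found in MEMCACHED
/Common/AzureADB2BforInternalApps:Common:fdc12271: AccessPolicyProcessor/AccessPolicy.cpp: 'execute()': 658: Rule to evaluate = ""
/Common/AzureADB2BforInternalApps:Common:fdc12271: Following rule 'fallback' from item 'Advanced Resource Assign(1)' to ending 'Deny
/Common/AzureADB2BforInternalApps:Common:fdc12271: Access policy result: Logon_Deny
"""

RULE = re.compile(r'Rule to evaluate = "(.*)"$')
MCGET = re.compile(r"\[mcget \{([^}]+)\}\]")
FOUND = re.compile(r'add it to the local cache "([^"]+)"="([^"]*)"')
MISSING = re.compile(r'variable "([^"]+)" for session "\w+" was not found in MEMCACHED')
FOLLOW = re.compile(r"Following rule '([^']+)' from item '([^']+)' to ending '([^']+)")


def triage(log):
    """Summarise one session's branch-rule evaluation from APM debug lines."""
    report = {"rule_vars": [], "found": {}, "missing": [], "branch": None}
    for line in log.splitlines():
        if (m := RULE.search(line)) and m.group(1):
            # Non-empty rule: record every session variable it reads via mcget.
            report["rule_vars"] = MCGET.findall(m.group(1))
        elif m := FOUND.search(line):
            report["found"][m.group(1)] = m.group(2)
        elif m := MISSING.search(line):
            report["missing"].append(m.group(1))
        elif m := FOLLOW.search(line):
            report["branch"] = m.groups()
    # Variables the rule depends on that the session never held.
    report["unresolved"] = [v for v in report["rule_vars"] if v in report["missing"]]
    return report


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print("rule reads:", r["rule_vars"])
    print("unresolved:", r["unresolved"])
    print("branch taken:", r["branch"])
```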