For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Stefan_Klotz's avatar
Stefan_Klotz
Icon for Cumulonimbus rankCumulonimbus
Jun 12, 2014

advanced Storefront Monitor (end-to-end test)

Hi,   we have setup a Storefront VS with the standard monitor as mentioned in the deployment guide. This is working fine, but this only checks if the Logon Page is provided correctly. Now the cust...
application delivery
citrix
deployment
LTM
Stefan_Klotz's avatar
Stefan_Klotz
Icon for Cumulonimbus rankCumulonimbus
Jun 13, 2014

Hi Matthieu, Greg,

 

thank you for your quick response. No I didn't used the iApp, but the deployment guide. We also use the mentioned advanced monitor against the XML-Broker pool which is working fine, but we are looking to have such kind of test from a SF perspective.

 

During initial connection, the storefront server issues cookies and CSRF tokens to identify clients and validate subsequent posts. In order to send an accepted authentication post to the sf servers, the CSRF token and cookie issued by the sf server will need to be captured and included in the post.

 

This I also had already in mind, means creating an external monitor, which makes an initial request towards the login page and capture the required token/session cookies/headers. Then make a second request with these variables and include the credentials as well.

 

I was just asking if there is maybe a more easier way available, but seems not. But do you know, which cookies/headers are mandatory for the SF to simulate a successful login?

 

Thank you!

 

Ciao Stefan :)