Forum Discussion

Mick's avatar
Mick
Icon for Cirrus rankCirrus
Sep 16, 2021

API Endpoint on LTM

Hi

 

I'm trying to come up with a solution to meet the following flow/requirement:

 

  1. LTM presents a VIP that is an API endpoint for a web server
  2. Client requests authentication using json body, e.g. https://1.2.3.4:443/api/auth  -H 'Content-Type = application/json'  -d '{ "username": "testuser", "password": "testpwd", "clientContext": 1 }'
  3. APM does LDAP authorization on behalf of the web server using the username and password in the body
  4. Once authorized, F5 provides token/cookie to client for further API calls.

 

I have tried various combinations of solutions but cannot find a way to do this simply. Looked at API endpoint protection, APM policies, iRules, can't seem to get this simple use case working...

 

Thanks

Mick

2 Replies

  • Hi ,

     

    I think you could use iRulesLX to parse the JSON body, set username and password as APM session variables, do LDAP Auth and then F5 sends the APM session cookie to the client.

     

    KR

    Daniel 

  • thanks I ended up getting this working with an irule