Forum Discussion
LarsS__178188
Nimbostratus
NimbostratusAPM - Delete SSO credentials after login
Hello everybody,
I couldn't find any solution on my issue so far, so I try my luck here.
We use APM to access a SAP Portal. To realize SSO with the F5 and the SAP Portal login side, our One...
Is the BW app a pool or a weblink or what? If SSO is being applied that means the request must be passing through the F5, so on whatever vip gets the request, check the HTTP_REQUEST event [HTTP::uri] and apply SSO::disable accordingly.
e.g.
when HTTP_REQUEST { if { [HTTP::uri] starts_with '/blahblahblah' } { WEBSSO::disable } }or
when ACCESS_ACL_ALLOWED { if { [HTTP::uri] starts_with '/blahblahblah' } { WEBSSO::disable } }similar depending on your app and f5 config
Walter_Kacynski
Cirrostratus
CirrostratusThere are many ways to accomplish this. Here is a method that I have used to hardcode static accounts. The downside to this approach is that the password would be coded in plain text in the big-ip configuration. Depending on your setup this may or may not be a problem. I chose not to use the HTTP Basic Auth SSO object since it requires more coordination and the task can be solved with a single iRule.
when ACCESS_POLICY_COMPLETED {
switch [ACCESS::session data get "session.policy.result"] {
"allow" {
Setup BW SSO Object with a custom session variable that stores the base64 encoded version of username:password
ACCESS::session data set -secure session.custom.sso.bwAuth [b64encode StaticUsername:StaticPassword]
}
}
}
when ACCESS_ACL_ALLOWED {
switch -glob [HTTP::uri] {
"/bw*" {
Insert the pre-constructed Basic Auth header for this URL
HTTP::header replace "Authorization" "Basic [ACCESS::session data get -secure session.custom.sso.bwAuth]"
}
}
}
