Forum Discussion
Jason_41583
Nimbostratus
NimbostratusAPM authentication User ID changed by application query
Hello all.
I have kind of strange situation that I am trying to sort out, we ahve an existing application that is going to use the APM for authentication but our problem is the existing a...
Kevin_Stewart
Employee
EmployeeHow about something like this:
when RULE_INIT {
enable or disable debug logging
set static::rule_debug 1
}
when ACCESS_POLICY_AGENT_EVENT {
switch [ACCESS::policy agent_id] {
"LOOKUP" {
set ws server connection (direct or virtual name if load balancing)
set server "10.70.0.1:80"
establish the connection
set conn [connect -timeout 3000 -idle 30 -status conn_status $server]
if the conenction fails - log and exit
if { $conn eq "" } {
if { $static::rule_debug } { log local0. "Sideband WS call failed" }
}
establish the query parameter (derived from access session data?)
set getdata "/samlookup.php?user=ted"
establish request string
set data "GET $getdata HTTP/1.0\r\n\r\n"
send the data
set send_info [send -timeout 3000 -status send_status $conn $data]
receive the data
set recv_data [recv -status recv_status -timeout 30 $conn]
close the connection
close $conn
find the payload after the response headers
set payload [findstr $recv_data "\r\n\r\n" 4 " "]
create a new access session variable with the paylaod data
if { $payload ne "" } {
ACCESS::session data set session.custom.sam [string trim $payload]
if { $static::rule_debug } { log local0. "payload = $payload" }
}
}
}
}
This is a VERY simple example of a sideband call, so you'll likely have to modify to suit your needs. Edit the server, getdata, and data variables for your own environment, and then create an iRule event agent in your APM visual polciy with an ID of "LOOKUP". If it works it'll create a new session variable called session.custom.sam.
