APM HTTP auth

Question

Hi,I am trying to do form based HTTP authentication. Form method is POST. I did wireshark (when connecting to server directly) and HTML form includes:usernamepassword_tokensubmit&nbsp;Username and password is OK. Submit is sent empty. The problem I have is with parameter _token. This parameter is taken from HTML response when entering the site: &nbsp;&nbsp;&lt;meta name="csrf-token" content="MrMacUlmD6vlcdZsuVP8csCakwAwXXgqaDqaIO1Q"&gt;
 and sent back during the authentication.&nbsp;My question is: how get the token variable to the POST? Using iRules? Or is there easier way of doing it?&nbsp;thank you

boneyard · Answer

there are two types of form based SSO (you are doing SSO right?)

you might want the client initiated one, there you wouldnt have to worry about the csrf-token issue

https://techdocs.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-sso-13-0-0/25.html

peterm · Answer

Hi, no, I used Access -&gt; Authentication -&gt; HTTP. But if SSO is better then I use it.

manideep · Answer

I got the same issue, any solution on this?

manideep · Answer

I am using form based SSO, and I tried pass csrf_token as hidden parameter, still I am getting 403 forbidden error - CSRF verification failed. Request aborted.

Hidden parameters - csrf_token submit

Forum Discussion

APM HTTP auth

4 Replies

How I did it - "High-Performance S3 Load Balancing of Dell ObjectScale with F5 BIG-IP"

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

failover issue between datacenters with GSLB

F5 Device Certificate renewal process on Active and Standby devices

Win 10 and Server 2016 clients will not connect. Stuck on Initializing

Version 17.5.1 as next move?

SSL Orchestrator and Traffic Flows

Related Content

APM Access Policy|SSLVPN | SAML auth questionnaires

Client Auth Using HTTP Cookie

HTTP Auth fails

HTTP auth - Calling external API with parameters

APM Google Authenticator HTTP API

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS