Forum Discussion

Nimbostratus

Sep 25, 2015

APM Issue Injecting New Authorization Header

I have a policy that uses an Active Directory Authentication, then an Active Directory Query for client authorization. The server side is "dumb." It uses basic auth for authentication. So I inject a ...

BIG-IP Access Policy Manager (APM)

Nimbostratus

Oct 26, 2016

No problem. Thanks for helping! The way the initial login is captured is via an iRule. I'm currently running tests with a rest client (postman & ARC)

when ACCESS_SESSION_STARTED {
    if { [HTTP::password] ne "" } {
    ACCESS::session data set "session.logon.last.username" [string trim [HTTP::username]]
    ACCESS::session data set -secure "session.logon.last.password" [string trim [HTTP::password]]
    }
}

The variable assign and sso of both policies are the same:

I can see in the APM log report that the session varibles are updating during the variable assign and SSO mapping, but not being handed to the backend:

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

APM Issue Injecting New Authorization Header

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Header injection rule

JWT authorization with NGINX Ingress Controller

Host header injection iRule

WAF evasion techniques for Command Injection

AI Security : Prompt Injection and Insecure Output Handling.

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS