schmuck
Mar 21, 2019 Nimbostratus
APM SSO using JSON
I have a forms-based auth page that returns an error (415 Unsupported Media Type) with a standard forms-based SSO (due to the Content-Type header) and is not recognizing the username and password fields properly with Client Initiated, so I am trying a sideband iRule. The iRule is pretty straightforward and will properly authenticate the user via a POST and data (that will eventually be APM variables), but when the user connects to the default pool after the APM, a new TCP session is created, so the user is not logged in; they just see the app logon page. The VPE is pretty straightforward: logon page -> HTTP Auth -> iRule event -> Allow. The iRule event calls the sideband iRule:
when ACCESS_POLICY_AGENT_EVENT {
    if {[ACCESS::policy agent_id] == "iRule_ID"} {
        # Open a sideband connection to the virtual server
        set conn [connect -timeout 3000 -idle 30 -status conn_status vs-name]
        log local0. "Connect returns: <$conn> and conn status: <$conn_status> "
        set conn_info [connect info -idle -status $conn]
        log local0. "Connect info: <$conn_info>"
        # Hand-built JSON logon request. $hostname is not set anywhere in this snippet,
        # and Content-Length must equal the byte length of the JSON body.
        set data "POST /content/FrontChannel HTTP/1.1\r\nContent-Type: application/json; charset=UTF-8\r\nUser-Agent: F5-APM-sideband/1.0\r\nHost: $hostname\r\nContent-Length: 130\r\nConnection: Keep-Alive\r\n\r\n\{\"type\":\"auth\",\"subtype\":\"auth\",\"clientType\":\"Web\",\"storeResponses\":32,\"username\":\"realusername\",\"password\":\"realpassword\",\"auto\":false\}"
        set send_info [send -timeout 3000 -status send_status $conn $data]
        log local0. "Sent <$send_info> bytes and send status: <$send_status>"
        # Peek at the response without consuming it
        set recv_data [recv -peek -status peek_status -timeout 3000 $conn]
        log local0. "Recv data: <$recv_data>"
        # pool assign not working
        pool pool_name
        log local0. "Pool assigned"
        close $conn
        log local0. "Closed; conn info: <[connect info -status $conn]>"
    }
}
Is what I am trying to do possible? Is there a better way?
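
Added example (not part of the original post and not F5's code): a hardened way to build the JSON logon request shown above once the hard-coded credentials are replaced by APM variables, with the values JSON-escaped, Content-Length derived from the body, and no credentials or response body written to the log. It assumes the logon page stored the credentials in `session.logon.last.username` and `session.logon.last.password`, that they are ASCII, and uses `app.example.com` as a placeholder Host value; it does not address the pool or session hand-off question.

```tcl
when ACCESS_POLICY_AGENT_EVENT {
    if { [ACCESS::policy agent_id] eq "iRule_ID" } {
        # Credentials gathered by the APM logon page (assumed variable names).
        set user [ACCESS::session data get session.logon.last.username]
        set pass [ACCESS::session data get -secure session.logon.last.password]

        # JSON-escape both values. Without this, a password containing a double
        # quote or a backslash ends the JSON string early and can inject extra
        # keys into the body. string map scans the input once, so an escape
        # sequence it emits is never escaped a second time.
        set json_esc [list "\\" "\\\\" "\"" "\\\"" "\n" "\\n" "\r" "\\r" "\t" "\\t"]
        set user [string map $json_esc $user]
        set pass [string map $json_esc $pass]

        set body "\{\"type\":\"auth\",\"subtype\":\"auth\",\"clientType\":\"Web\",\"storeResponses\":32,\"username\":\"$user\",\"password\":\"$pass\",\"auto\":false\}"

        # Placeholder Host value (assumption, replace with the application's name).
        set hostname "app.example.com"

        # Derive Content-Length from the body instead of hard-coding it.
        # string length counts characters, which equals bytes for ASCII input.
        set request "POST /content/FrontChannel HTTP/1.1\r\nHost: $hostname\r\nContent-Type: application/json; charset=UTF-8\r\nContent-Length: [string length $body]\r\nConnection: close\r\n\r\n$body"

        set conn [connect -timeout 3000 -idle 30 -status conn_status vs-name]
        if { $conn eq "" } {
            log local0. "Sideband connect failed: $conn_status"
            return
        }
        send -timeout 3000 -status send_status $conn $request
        set response [recv -timeout 3000 -status recv_status $conn]
        close $conn

        # Log only the HTTP status line: the request holds the password and the
        # response may carry a session token, so neither belongs in the log.
        log local0. "Sideband auth result: [lindex [split $response "\r\n"] 0]"
    }
}
```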