Forum Discussion

schmuck's avatar
Icon for Nimbostratus rankNimbostratus
Mar 21, 2019


I have a forms based auth page that returns an error (415 Unsupported Media Type) with a standard forms based SSO (due to Content-Type header) and is not recognizing the username and password fields properly with Client Initiated so I am trying a sideband iRule. The iRule is pretty straight forward and will properly authenticate the user via a POST and data (that will eventually be APM variables) but when the user connects to the default pool after the APM, a new TCP session is created so the user is not logged in, they just see the app logon page. The VPE is pretty straight forward, logon page -> HTTP Auth -> iRule event -> Allow. The iRule event calls the sideband iRule:

    if {[ACCESS::policy agent_id] == "iRule_ID"}{
        set conn [connect -timeout 3000 -idle 30 -status conn_status vs-name]
        log local0. "Connect returns: <$conn> and conn status: <$conn_status> "

        set conn_info [connect info -idle -status $conn]
        log local0. "Connect info: <$conn_info>"

        set data "POST /content/FrontChannel HTTP/1.1\r\nContent-Type: application/json; charset=UTF-8\r\nUser-Agent: F5-APM-sideband/1.0\r\nHost: $hostname\r\nContent-Length: 130\r\nConnection: Keep-Alive\r\n\r\n\{\"type\":\"auth\",\"subtype\":\"auth\",\"clientType\":\"Web\",\"storeResponses\":32,\"username\":\"realusername\",\"password\":\"realpassword\",\"auto\":false\}"
        set send_info [send -timeout 3000 -status send_status $conn $data]
        log local0. "Sent <$send_info> bytes and send status: <$send_status>"

        set recv_data [recv -peek -status peek_status -timeout 3000 $conn]
        log local0. "Recv data: <$recv_data>"

        pool assign not working
        pool pool_name
        log local0. "Pool assigned"

        close $conn
        log local0. "Closed; conn info: <[connect info -status $conn]>"

Is what I am trying to do possible? Is there a better way?