Forum Discussion

daboochmeister's avatar
Nov 04, 2014

APM, use HTTP basic auth semantics to retrieve e.g. RSA credentials?

Hi all - new-ish to APM - I think this is possible, but wanted to check. Rather than using a form to gather credentials from a user, is it possible to use the HTTP basic auth authentication scheme to gather the credentials, but configure the access policy so that the retrieved credentials are sent to an RSA server (accessed as a RADIUS AAA)?

 

We already have a portal link working, with a form for user credential gathering - but we have some scenarios where it would be better if the client received an HTTP 401 status back, and gathered credentials via the built-in basic auth dialog.

 

This is on 11.5.1 LTM (APM 11.5.1).

 

Thx for any help!

 

  • kunjan's avatar
    kunjan
    Icon for Nimbostratus rankNimbostratus

    Should be able to do that.

    [HTTP::username] and [HTTP::password] extracts the credentials from the header

    https://devcentral.f5.com/wiki/iRules.HTTP__username.ashx

    iRule can be used to map the username(401 agent updates username directly ) and password session variables. This can be followed by the radius agent.

    when ACCESS_POLICY_AGENT_EVENT {    
            ACCESS::session data set session.logon.logon.username [HTTP::username] 
            ACCESS::session data set session.logon.logon.password [HTTP::password] 
    }