Forum Discussion
Authenticated Sessions at the HTTP level for the iControl API (HTTP Headers?)
We're using i-Control-11.2's Interfaces object and doing some serious pounding of the system. BigIp has no trouble handling the load; however, we're going through a third party authentication/authorization application (TACACS+) which is having trouble keeping up.
Is there a way to maintain the Axis HTTP session once authenticated? I tried using the SOAP "session" header but that didn't work. I'm pretty sure that's more of an application-level session. I'm assuming the HTTP X-iControl-Session header will function the same way. I'm wondering if the BigIp web server will respect HTTP session authentication.
If anyone out there has any ideas, I'm open to trying them. We may be exploring pooling authenticated tcp connections with keep-alive. I'm really hoping there's a better solution.
- Mike_Burrows_59Nimbostratus
You're probably talking way over my head so this response will probably sound stupid but the first thing that comes to mind is a OneConnect profile. Could that be used in your situation to pool connections?
- George_Watkins_Historic F5 Account
I believe the method you are looking for is called setMaintainSession. It is located on the Axis BindingStub objects. Setting it to true will perform the first authentication using HTTP basic auth, then will insert the BigIPAuthCookie (returned in the first response) in subsequent requests. The auth cookie should be checked before HTTP basic auth is attempted. Here is my test code, which is based upon the iControl JAR available on DevCentral (I also had to add the axis and axis-jaxrpc JARs to my CLASSPATH):
import iControl.*; public class AuthCookieTest { public static void main(String[] args) { iControl.Interfaces bigip = new iControl.Interfaces(); bigip.initialize("test-ltm-01", "admin", "admin"); try { SystemSystemInfoBindingStub systemInfoStub = bigip.getSystemSystemInfo(); systemInfoStub.setMaintainSession(true); systemInfoStub.get_version(); systemInfoStub.get_version(); } catch (Exception e) { e.printStackTrace(); } } }
That should cut down on the TACACS chattiness as only the first call will require a TACACS query for authentication. Let me know if that does the trick.
- Kevin_Davies_40Nacreous
Assuming your client making the call supports cookies. Many programatic interfaces do not generally support cookie handling so you would have to capture the returned cookie with your code and ensure you resend it in subsequent iControl requests for this to work.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com