For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

karthik_sriniva's avatar
karthik_sriniva
Icon for Nimbostratus rankNimbostratus
Apr 09, 2005

Authentication status

Hi,   Is there a way to check the status of Authentication, if it's success, failure or etc after the call [AUTH::authenticate $tmm_auth_radius_sid].     I would like to know be...
application delivery
dev
devops
iRules
karthik_sriniva's avatar
karthik_sriniva
Icon for Nimbostratus rankNimbostratus
Apr 11, 2005
Please find below the complete iRule. I tried to add comments, but I think the rule is too simple to need additional documentation for you guru's

 

 

when CLIENT_ACCEPTED {

 

variable to hold state

 

set tmm_auth_radius_sid [AUTH::start pam default_radius]

 

set setCookieFlag 0

 

set cookiename "MEDINSTGTW"

 

set usrcookiename "MEDINSTUSRGTW"

 

set cookievalue "GTW9.105"

 

set cookiepass "1400med"

 

set performAuth 1

 

set performRedirect 0

 

}

 

when HTTP_REQUEST {

 

log "IN REQUEST"

 

set content_length [HTTP::header Content-Length]

 

HTTP::collect $content_length

 

if the cookie exists no need to perform authentication

 

log [HTTP::cookie exists MEDINSTUSRGTW]

 

if { [HTTP::cookie exists MEDINSTUSRGTW] } {

 

set rcvusername [HTTP::cookie $usrcookiename]

 

if { $rcvusername eq [HTTP::username] } {

 

set performAuth 0

 

}

 

}

 

}

 

when HTTP_REQUEST_DATA {

 

log [HTTP::payload]

 

if no auth required, make pool process request

 

if {$performAuth eq 0 } {

 

use pool xxxDev

 

HTTP::release

 

}

 

if auth required, get username and password & perform auth

 

if { $performAuth eq 1 } {

 

set recvData [HTTP::payload]

 

log $recvData

 

set uname [findstr $recvData "username" 9]

 

set username [getfield $uname "&" 1]

 

log $username

 

set upwd [findstr $recvData "password" 9]

 

set userpwd [getfield $upwd "&" 1]

 

log $userpwd

 

AUTH::username_credential $tmm_auth_radius_sid $username

 

AUTH::password_credential $tmm_auth_radius_sid $userpwd

 

AUTH::authenticate $tmm_auth_radius_sid

 

}

 

}

 

when AUTH_SUCCESS {

 

if auth success, set variable cookieFlag 1

 

log "IN AUTH SUCCESS"

 

if {$tmm_auth_radius_sid eq [AUTH::last_event_session_id]} {

 

log "setting cookieFlag 1"

 

set setCookieFlag 1

 

HTTP::release

 

}

 

}

 

when AUTH_FAILURE {

 

if auth failed, redirect to login page

 

if {$tmm_auth_radius_sid eq [AUTH::last_event_session_id]} {

 

HTTP::respond 303 Location http://bbb.com/login.htm

 

}

 

}

 

when AUTH_WANTCREDENTIAL {

 

if auth want credentials, redirect to login page

 

log "IN AUTH WCRED"

 

if {$tmm_auth_radius_sid eq [AUTH::last_event_session_id]} {

 

HTTP::respond 303 Location http://bbb.com/login.htm

 

}

 

}

 

when AUTH_ERROR {

 

if auth error, redirect to login page

 

if {$tmm_auth_radius_sid eq [AUTH::last_event_session_id]} {

 

HTTP::respond 303 Location http://bbb.com/login.htm

 

}

 

}

 

when HTTP_RESPONSE {

 

log "IN Response $performRedirect"

 

if { $setCookieFlag eq 1 } {

 

if auth success, set required cookie

 

HTTP::cookie insert name $cookiename value $cookievalue path /

 

HTTP::cookie secure $cookiename enable

 

HTTP::cookie encrypt $cookiename $cookiepass 128

 

HTTP::cookie insert name $usrcookiename value $username

 

}

 

}

 

when HTTP_RESPONSE_DATA

 

{

 

log "IN Response $performRedirect"

 

}

 

when SERVER_DATA {

 

log "IN SERVER DATA"

 

}

 

 

 

Thanks!!!