Forum Discussion
Tony_Drane_9358
Nimbostratus
NimbostratusBigIP Changing Oauth String from HTTPS to HTTP
Hi. I am having issues with an Oauth transaction over SSL. There is a secure cert installed on my BigIP. When I try to authorize an Oauth transaction over SSL, the BigIP changes the Oauth request from HTTPS to HTTP when it passes the string to the server. For example, the request to the BigIP https://mycompany.com/api/1.0/myapp/myrequest?oauth_***** becomes http://mycompany.com/api/1.0/myapp/myrequest?oauth_***** when it is passed to my server for a token request. This is in turn corrupts the string and the OAuth verification fails. Would something like this work?
when HTTP_REQUEST_DATA {
regsub "https://mycompany.com/*" [HTTP::payload] "https://mycompany.com/*" fixeddata
HTTP::payload replace 0 [HTTP::payload $clen] $fixeddata
HTTP::release
}
hoolioCirrostratus
Is the issue that the server checks which protocol (or port) the request was sent over? Or is there something within the HTTP headers or HTTP payload that (also?) indicates the request to the server wasn't over SSL?
I tried skimming through the Oauth guide here, http://www.hueniverse.com/hueniverse/2008/10/beginners-guide.html, but didn't see this type of info there.
Aaron
Tony_Drane_9358So I looked into oauth we are using on google and found: when constructing signature base string, the code uses a HTTP parameter to determine the scheme. And that parameter never carries the scheme info. For that case, the code always sets to http.
Our eng team updated our server to determine if SSL is used for oauth and then change the connection to http using SHA1. This is working for us now. Also, I found out that verisgn sold us a corrupted cert so that didn't help much with troubleshooting. We can close this now.
Thanks.