Forum Discussion
apara_5691
Jul 28, 2011Nimbostratus
Bypass Authentication Form
Good morning!!
I want to bypass an authentication form with an iRule, this is simple with a redirection:
http://example.com/script?user=user&pass=pass
I'm using an LDAP authentication profile with a simple configuration (default _sys_auth_ldap) so what I try to do is the next:
if {[AUTH::status] == 0} {
Successfull authentication
http::respond 320 Location "http://example.com/script?user=user&pass=pass"
}
The iRule "catches" the HTTP authentication params and redirects with this params
The problem is that the authentication profile is associated to the same VS that the redirection is performed, and the 302 is repeated indefinitely.
Any ideas for this particular "problem"? I don't have a lot of experience in iRule development so I'm a little lost :(
Regards,
Alberto
- HamishCirrocumulusI take it you're not concerned about the lack of security in the solution...
- apara_5691NimbostratusI know that it is not the best solution but I think that is the only one possible for my particular case... our customer does not want to modify the application so we need to bypass the form, anyway the authentication isn't protected with an SSL configuration, user/pass was sent in clear text via POST instead of GET with the 302 redirection
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects