Forum Discussion
NimbostratusCatch OAuth introspection response?
Hi guys! How one can catch and modify http response payload from OAuth AS introspection endpoint? I've tried these events in irule - none was triggered(HTTP_REQUEST works fine though):
HTTP_RESPONSE
HTTP_RESPONSE_CONTINUE
HTTP_RESPONSE_DATA
SERVER_DATA
May be the issue is more general - how to catch http responses from internal F5 HTTP services? With no "F5->backend server" communication taking place.
Thank you, Mikhail.
- boneyard
MVP
a layered VIP might be an option, so create a VIP for the IP address of the external service and the IP again in the pool member. then you can apply a iRule on that.
Mikhail_GroshevSeems like there is just no connection occurs to resourse pool when accessing OAuth introspection endpoint. And in irule no "server side" events are triggered at all, only "client_side".
I've tried another option: create internal virtual server and make adapt response profile for it but with no access yet, its a bit more compicated when i've expected.
Abdessamad1Cirrostratus
Did you try using the HTTP_RESPONSE_RELEASE event?
But, if you need to act on the actual payload (not only headers) you need to use HTTP::collect first in HTTP_RESPONSE event, which will trigger the HTTP_RESPONSE_DATA event where you can play with the payload.
- Abdessamad1
For the layered VS option, you don't really need external ip/port, because traffic will never leave the bigip between the two virtual servers.
So you can use a dummy ip such as 1.0.0.1
I didn't test it with the second VS as pool member, but you can use an iRule which will route traffic to the second virtual server
Here is the reference for the virtual irule command: https://devcentral.f5.com/wiki/iRules.virtual.ashx
