Forum Discussion
AngryCat_52750
Nimbostratus
Nimbostratusclientless - sso
currently we have a web application that lives on a web server with IIS and forms based auth.. our external clients POST an XML with embedded username and password variables to it.. the web server cr...
AngryCat_52750Nimbostratus
Nimbostratusi get it now.. but i have a follow-up qns.. for the future state F5 login page, once authenticated, we have an iRule that based on a URI, we switch to different pools... This request would always hit the /auth URI..
could i disable the APM portion (login page and all - ACCESS::disable) and bounce it to a different VS that handles the auth portion and everything else mentioned above??
when ACCESS_ACL_ALLOWED {
switch -glob [string tolower [HTTP::uri]] {
"/" -
"/nhl/*" -
"/nba/*" -
"/mlb/*" {pool Pool_us-sports}
"/auth/*" {
ACCESS::disable
virtual vs-xml-posting
}
default {pool Pool_other-sports}
}
}
and once it bounces to that other VS i could have a APM policy that does auth and sso and the iRule to pull the info would be like this -
when HTTP_REQUEST {
HTTP::header insert "clientless-mode" 1
if { ( [HTTP::method] equals "POST" ) and ( [string tolower [HTTP::uri]] starts_with "/auth" ) } {
HTTP::collect [HTTP::header Content-Length]
}
}
when HTTP_REQUEST_DATA { <u+200e>
<u+200e> parse the XML payload in request <u+200e>
<u+200e> set username [findstr [HTTP::payload] "" 13 "<lt; HTTP_REQUEST {
HTTP:"]<u+200e>
<u+200e> set password [findstr [HTTP::payload] "" 6 "ode" 1
if { ( [HTTP::met<lt;<u+200e> set password [fi"]<u+200e>
<u+200e> log local0. "Username - $username , Pwd - $password<u+200e> "
<u+200e>}<u+200e>
when ACCESS_SESSION_STARTED {
if { [info exists username] } {
ACCESS::session data set session.logon.last.username $username
}
if { [info exists password] } {
ACCESS::session data set session.logon.last.password $password
}
}
What do you think????l0. "Username - $user
