Forum Discussion
Eric_Kolb_27656
Apr 02, 2012Nimbostratus
Configuring an HTTP Basic AAA Server
While most of our web applications have moved to using our Active Directory user store, we have a few legacy applications for a class of non-corporate users that need their own SSO profile. We've created a one-page web application to serve as the AAA server to manually compare submitted credentials against what's in the database, and we're trying to set this up as an HTTP/Basic AAA server.
The problem that we're encountering is that the service always returns that the auth passed, even when submitting a false or no password.
The logic of the page looks a little something like this:
if credentials were submitted...
if the username is not alphanumeric... status code 401 & exit.
if the username does not exist or is inactive... status code 401 & exit
if the password does not match the expected... status code 401 & exit
if the bad login attempt count >= 3... status code 401 & exit
otherwise... return welcome message & exit
otherwise... status code 401 & exit
When we return the status code 401, we're sending our generic error message with the status code as well as displaying it in the message content. This is along with the WWW-Authenticate: Basic header.
I'm not finding any documentation on building a service to this purpose, so any advice in getting this off the ground would be appreciated.
- Eric_Kolb_27656NimbostratusNevermind, got it with enough tinkering. Any body content in the response is interpreted as a success.
- Blake_79204NimbostratusHaving a similar issue - you're saying any body content in the response is interpreted as a success -- does this mean that the "Successful Logon Detection Match Value" field does nothing?
- Eric_Kolb_27656Nimbostratus
I've never seen any real benefit or effect from Successful Logon Detection Match Value myself.
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects