For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

vincent_munier_'s avatar
vincent_munier_
Icon for Nimbostratus rankNimbostratus
Oct 07, 2013

Error with External logon page

Hello, I'm beginning with the F5 and i'm trying to use an external logon page (in module APM): So, to begin, on an external server, i have this logon page:

and the html code:

In APM, I have defined this authentication profile:

After, i have associated this authentication with my webservice (http://webservice)

The problem is when i go to the webservice, i obtain this error

I think the webservice will send a redirect to the login page, but it doesn't. It respond directly this this error page.

I haven't found well documented readings about external logon pages and what does error code 19 means.

What is wrong this my config? Thanks for your help, Vincent

application delivery
BIG-IP Access Policy Manager (APM)
deployment
design
devops
iRules
security

6 Replies

  • boneyard's avatar
    boneyard
    Icon for MVP rankMVP
    Oct 07, 2013

    your html code isn't visible.

     

    it seems the request send to the APM doesn't contain the correct headers, can you do a packet capture on the BIG-IP checking if the POST contains all the right info (i.e. the Cookies and username / password)?

     

  • vincent_munier_'s avatar
    vincent_munier_
    Icon for Nimbostratus rankNimbostratus
    Oct 07, 2013

    Thank you for your answer, and sorry for the html code:

     

    Actually, at the moment the request sent to the APM doesn't contain headers (cookie, username/password) because it's the first request. I think, if the user is unauthenticated (typically at the first request to the web application), the APM would redirect me to the external logon page?

     

    • boneyard's avatar
      boneyard
      Icon for MVP rankMVP
      Oct 07, 2013
      i haven't worked with this yet, but shouldnt you first visit the APM, get redirected to the external logon page (so now you have the cookies) and then POST the credentials to the APM? have you tried that? [EDIT] just tested this real quick, when i visit the virtual server protected by APM i get redirected to the URL, from there i can submit the info and they get posted correctly.
  • vincent_munier_'s avatar
    vincent_munier_
    Icon for Nimbostratus rankNimbostratus
    Oct 07, 2013

    Yes, but i thought it was the "external logon page" process which have to redirect me to the external page? In my case, i wasn't redirected?

     

    ps: the code html of my logon form:

     

  • boneyard's avatar
    boneyard
    Icon for MVP rankMVP
    Oct 07, 2013

    hehe, yeah i used the same code, the example in the f5 documentation is really, really bad.

     

    at action you use the url of the big-ip my.policy page, nothing else needs to be modified.

     

    then go to the virtual server, get redirected to the webserver you are hosting above code, fill in data, POST and end up authenticated. that is how it works for me.

     

    {extra}

     

    if F5 is reading, im talking about "Figure 6.2 External logon page submission sample" at this page: http://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-config-11-4-0/apm_config_general_actions.html

     

    this can be made actually useful by changing to the code from Step 1 from this page: https://devcentral.f5.com/wiki/APM.AcceptPostedCredsfromExternalSite.ashx

     

  • vmunier_96939's avatar
    vmunier_96939
    Icon for Nimbostratus rankNimbostratus
    Oct 21, 2013

    Hi, All is now working for me. I'don't know really why but now i'm correctly redirected to my external logon page... Thank you very much. You can also see this link: https://devcentral.f5.com/questions/how-to-use-apm-external-logon-pages