Forum Discussion
CirrostratusExternal Posting to APM with dynamic URL
Hi Guys,
I have a requirement to pass url with username/password.
Simple username/password working fine, when trying to pass the url as variable. It maks password empty.
Working solution with username/password with manual set url (variable).
when HTTP_REQUEST {
# Check for post requests to the fake URI
if {[HTTP::uri] starts_with "/login" && [HTTP::method] eq "POST"}{
HTTP::cookie remove MRHSession
ACCESS::session remove
# Collect up to 1Mb of request content
if { [HTTP::header exists "Content-Length"] && [HTTP::header "Content-Length"] < 1048577 } {
set content_length [HTTP::header "Content-Length"]
} else {
set content_length 1048576
}
if { $content_length > 0 } {
HTTP::collect $content_length
}
}
}
when HTTP_REQUEST_DATA {
# after authentication APM policy will redirect to this url, need to pass as posting from external site
# I would like to parse URL from payload
set posturl "https://trnapp01.example.com:443/appmanager/abc"
# Parse the username and password from the collected payload
set username [URI::query "?[HTTP::payload]" username]
set password [URI::query [URI::decode "?[HTTP::payload]"] password]
HTTP::release
}
when ACCESS_SESSION_STARTED {
if { [ info exists username ] } {
ACCESS::session data set session.logon.last.username $username
ACCESS::session data set -secure session.logon.last.password $password
ACCESS::session data set session.appurlredirect.uri $posturl
}
}
Requirement to parse url from payload.
Hi Sajid,
In fact we have to decoded payload using "[URI::decode [HTTP::payload]]"
Payload:
is=txtURL=https%3A%2F%2Ftrnapp01.example.com%3A443%2Fappmanager%2Fabc&username=user123&password=%40password123
decoded raw:
is=txtURL=https://trnapp01.example.com:443/appmanager/abc&username=user123&password=@password123
now we have to set the right regex in your irule:
when HTTP_REQUEST_DATA { set payload [URI::decode [HTTP::payload]] set username [URI::query "?[HTTP::payload]" username] set password [URI::query [URI::decode "?[HTTP::payload]"] password] regexp {^.*txtURL=([^&]+).*$} $payload -> gotURL log local0. "Username: $username - password : $password - gotURL: $gotURL" HTTP::release }keep me in touch.
regards
13 Replies
youssef1Cumulonimbus
Hi Sajid,
Juste want to understand before your give you an answer.
You post something like that:
URL:
https://app/login
Payload:
username sajid
password password123
url https://trnapp01.example.com:443/appmanager/abc
That's right? you post the redirect url in payload with username and pwd?
I need to know exactly how is the format of your post
thank you regards,
SajidHi Youssef,
test posting code:
<tr> <td algin="left">Username</td> <td align="left"><input name="username" type="txt"></td>
</tr>
<tr> <td algin="left">Password</td> <td align="left"><input name="password" type="password"></td>
</tr>
<tr> <input type="text" name="txtURL" value="https://trnapp01.example.com:443/appmanager/abc" readonly> </tr>
<td colspan="2" align="center"><input type="submit" value="Logon"></td>
hardcode url for testing purpose only.
- youssef1
Hi,
can you remove thie line:
set posturl "https://trnapp01.example.com:443/appmanager/abc"
and replace it by this line:
regexp {^.*name=\"txtURL\" value=\"([^\"]+).*$} $rbody -> posturl
I just want to confirm if it fix your url problem, then I will provide you an optimized irule
regards
- Sajid
Hi Youssef,
Kindly explain more, I have no idea how to use regexp in the irule.
Regards,
Sajid
- youssef1
Hi Sajid,
I work as follows. when I write an Irule I do it at the simplest I validate that it works. and afterwards I optimize it.
In order to retrieve URL, I used “regexp”, Because I noticed that you post a form auth. So that’s mean that I have to retrieve information needed in Post Data.
How “regexp” work:
So first of you have to retrieve all payload (Post Data):
set payload [HTTP::payload]
In this payload you have to extract URL or other information (In our case URL)
So we can use “regexp” function, it allow us to retrieve a specific string of characters
regexp {^.*name=\"txtURL\" value=\"([^\"]+).*$} $payload -> posturl
^ and $: match the begin/end of the payload
.*: matches any character
() : between parentheses is what we want to recover and put in the variable “posturl”
([^\"]+): means recover all the characters until “
$payload: payload where my regex applies
\: Since “ is used in the regular expressions I am obliged to the despecialized like this \”
Hope it’s clear.
Form more info check this:
http://www.tcl.tk/man/tcl8.4/TclCmd/regexp.htm
so if you have an Control service you can modify your Irule adding this line:
set payload [HTTP::payload]
regexp {^.*name=\"txtURL\" value=\"([^\"]+).*$} $payload -> posturl
regards
- Sajid
Hi Youssef,
Thanks for prompt response, but its not working for me.
Regards,
Sajid
- Sajid
Got this message (log local0)
Sep 16 19:13:22 B01 info tmm1[24290]: Rule /Common/iRule_APM_Ext_SAMLtAuth <HTTP_REQUEST_DATA>: ****txtURL:0 ***username:user123 ***password: and payload is=txtURL=https%3A%2F%2Ftrnapp01.example.com%3A443%2Fappmanager%2Fabc&username=user123&password=%40password123
from iRule
when HTTP_REQUEST_DATA {
set payload [HTTP::payload]
set username [URI::query "?[HTTP::payload]" username]
set password [URI::query [URI::decode "?[HTTP::payload]"] password]
set gotURL [regexp {^.*name=\"txtURL\" value=\"([^\"]+).*$} $payload -> txtURL]
log local0. "****txtURL:$banner9url ***username:$username ***password:$password and payload is=$payload"
HTTP::release
}
I think URL decode required.
- youssef1
Hi Sajid,
In fact we have to decoded payload using "[URI::decode [HTTP::payload]]"
Payload:
is=txtURL=https%3A%2F%2Ftrnapp01.example.com%3A443%2Fappmanager%2Fabc&username=user123&password=%40password123
decoded raw:
is=txtURL=https://trnapp01.example.com:443/appmanager/abc&username=user123&password=@password123
now we have to set the right regex in your irule:
when HTTP_REQUEST_DATA { set payload [URI::decode [HTTP::payload]] set username [URI::query "?[HTTP::payload]" username] set password [URI::query [URI::decode "?[HTTP::payload]"] password] regexp {^.*txtURL=([^&]+).*$} $payload -> gotURL log local0. "Username: $username - password : $password - gotURL: $gotURL" HTTP::release }keep me in touch.
regards
Stanislas_Piro2Hi,
The goal of encoding is to allow special characters in strings. so first extract content, the decode it...
In this line:
set password [URI::query [URI::decode "?[HTTP::payload]"] password]what is the result if password contains a "&" ? password variable will contain only string up to this character...
set password [URI::decode [URI::query "?[HTTP::payload]" password]]This line first get the password parameter, then decode it...
Same behavior with regexp...
set payload [HTTP::payload] regexp {^.*txtURL=([^&]+).*$} $payload -> gotURL set gotURL [URI::decode $gotURL]
- Sajid
Hi Youssef,
Thanks for prompt response, url decode working fine. But I am getting empty password message.
Session variable 'session.ad.last.errmsg' set to 'empty password detected'
decoded payload is showing the right password.
but with posting to APM policy, password is empty.
Regards,
Sajid
- Sajid
it's working for me,
using
when HTTP_REQUEST_DATA {
set payload [URI::decode [HTTP::payload]]
regexp {^.*username=([^&]+).*$} $payload -> username
regexp {^.*password=([^&]+).*$} $payload -> password
regexp {^.*txtURL=([^&]+).*$} $payload -> gotURL
log local0. "Username: $username - password : $password - gotURL: $gotURL"
HTTP::release
}
Thanks
Sajid
- youssef1
glad that it could help you. do not forget to validate my answer :-). and do not hesitate if I can help you
