For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

praque_135655's avatar
praque_135655
Icon for Nimbostratus rankNimbostratus
Oct 18, 2013

Getting HTTPID AND PASSWORD using irule

hi,

Following the is the requirement, i need to get userid and password from F5 incoming request and post it to siteminder application url.

UseCase: 1. In coming request at F5 has id/pwd in HTTP header 2. Retrieve the id/pwd at F5 3. Post id/pwd by accessing a dummy web resource secured (by Siteminder) to Siteminder

i am new to F5 irule. i wrote the below script. please verify the below irule and advise me for any modification.

irule to retrieve the userid and password: 

    when HTTP_REQUEST {

if {[HTTP::method] eq "POST"} {

if{[HTTP::header exists Authorization]}{
    set userID [HTTP::username]
    set pass [HTTP::password]

    log local0. $userID
    log local0. $pass  

if{[HTTP::uri] contains "/OAuthDemo/test.html"}{
    HTTP::redirect "http://siteminder:90/OAuthDemo/test.html"    
}
}
}

}

application delivery
devops
iRules

5 Replies

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Oct 18, 2013
    1. Post id/pwd by accessing a dummy web resource secured (by Siteminder) to Siteminder

    i do not think HTTP::redirect is applicable. you may try HTTP::retry or sideband.

     

    and what happens next?

     

    • praque_135655's avatar
      praque_135655
      Icon for Nimbostratus rankNimbostratus
      Oct 18, 2013
      Thanks for response. Below is the remaining steps in that usecase. 4 Grab the Siteminder cookie (SMSESSION) from Siteminder 5. Remove the id/pwd from the incoming request. Add SMSESSION cookie 6. Send the request to backend Regards, Praque
  • nitass_89166's avatar
    nitass_89166
    Icon for Noctilucent rankNoctilucent
    Oct 18, 2013
    1. Post id/pwd by accessing a dummy web resource secured (by Siteminder) to Siteminder

    i do not think HTTP::redirect is applicable. you may try HTTP::retry or sideband.

     

    and what happens next?

     

    • praque_135655's avatar
      praque_135655
      Icon for Nimbostratus rankNimbostratus
      Oct 18, 2013
      Thanks for response. Below is the remaining steps in that usecase. 4 Grab the Siteminder cookie (SMSESSION) from Siteminder 5. Remove the id/pwd from the incoming request. Add SMSESSION cookie 6. Send the request to backend Regards, Praque
  • praque_135655's avatar
    praque_135655
    Icon for Nimbostratus rankNimbostratus
    Oct 18, 2013

    Hi,

    I have corrected the script. please find the updated script

    when CLIENT_ACCEPTED { set retries 0 set request_headers "" }

    when HTTP_REQUEST {

    if {$retried == 0}{

if {[HTTP::method] eq "GET" or "POST"}{
     log local0. "Username = [HTTP::username] password = [HTTP::password]"
        set request_headers [HTTP::request]    
     log local0. "HTTP request: $request_headers"
  }
 else{
        set request_headers ""     
 }

    } if{[HTTP::uri] contains "/OAuthDemo/test.html" }{ HTTP::retry "http://usclspcit192.airservices.eds.com/OAuthDemo/test.html" }

    }

    }

    when HTTP_RESPONSE { Check if we got a 404 

    if { [HTTP::status] == 404 && $request_headers ne "" } {

     Track that we are retrying this request

    set retried 1

    log local0. "404 error caught from pool. Retrying."

    HTTP::retry $request_headers

    } else { Track that we are retrying this request set retried 0 } }

    Please review the script and let me know your comments

    Regards, Praque