For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

praque_135655's avatar
praque_135655
Icon for Nimbostratus rankNimbostratus
Nov 03, 2013

How to return back to current pool after graping the Siteminder Cookie

Hi All,

 

I have added the code to grap the cookie on 208 box(external url) and return back to 192 box.

 

I can able to grap the cookie using the pool Rachecl_Test_208. But i need to return back to current pool.

 

Please help me on this . After entering the submit button only it is return back to current pool.

 

1) Enter LoadBalancer url http://xmppwst.airservices.eds.com/OAuthDemo/finalusers.html i.e( Actually it is mapped to http://usclspcit192.airservices.eds.com/OAuthDemo/finalusers.html”)

 

2) Enter userid/password (testuser1/p@ssw0rd)

 

3) Grab userid/Password(i.e Authorization Header) OR SMCOOKIE

 

4) Call http://xmppt.airservices.eds.com:8080/TestBasicAuth/cookiegenerator.html with Authorization Header OR SMCOOKIE (Note user shouldn’t it is redirected to 208 box always we need to show loadbalancer url (http://usclssoat208.airsoatest.airservices.eds.com/TestBasicAuth/cookiegenerator.html)

 

5) Siteminder Authentication returns the Siteminder Cookie

 

6) AT f5 Grab the SMCookie from 208 box

 

7) http://xmppwst.airservices.eds.com/OAuthDemo/finalusers.html with SMCookie

 

Code: when CLIENT_ACCEPTED { Get the defined pool for this VIP set default_pool [LB::server pool]

 

 Set an initial lookup flag
set gotpath 1

  set cookie 1

set smsession "" set sm 0

 

} when HTTP_REQUEST { On first request (lookup flag exists) perform lookup if { $gotpath == 1 } {

 

     Save the original request
    set request [HTTP::request]

     Change URI for sideband lookup
    HTTP::uri "/OAuthDemo/cookiegenerator.html"

     Change pool to point to sideband web service
    pool Rachel_Test_208

    set gotpath 1
 }

} when HTTP_RESPONSE { If response from web service

 

           Collect the payload from the lookup
    TTP::collect [HTTP::header Content-Length]
   log local0. "collect=TTP::collect [HTTP::header Content-Length]"

         log local0. "http_response: cookie:test27=$cookie; status:test27=[HTTP::status]; sm=[HTTP::cookie exists "SMSESSION"]"
 if { ([LB::server pool] ne $default_pool) && [HTTP::cookie exists "SMSESSION"] } {
                            set smsession "SMSESSION=[HTTP::cookie value SMSESSION]"
                            log local0. "smsession$smsession"
                            set sm 1    
  }

TTP::retry $request

 

}

 

application delivery
devops
iRules

2 Replies

  • IheartF5_45022's avatar
    IheartF5_45022
    Icon for Nacreous rankNacreous
    Nov 04, 2013

    Hi - I think I see what you are trying to do - you are close!! In HTTP_RESPONSE, you need to modify the $request variable to include the contents of your $smsession variable in the appropriate position, (sorry but I am too lazy to work out the exact syntax required but you'll need to insert it into the bit with cookies), then you need to;

    set gotpath 0
HTTP::retry $request
return

    Then, in HTTP_REQUEST, you need to reset the default pool 

    if {!$gotpath} {
    pool $default_pool
}

    Hope that helps.

    Jo

  • IheartF5_45022's avatar
    IheartF5_45022
    Icon for Nacreous rankNacreous
    Nov 04, 2013

    OK so the cookie bit is easy as it looks like HTTP::request always puts the cookies at the end (very considerate of the TMOS/iRule guys). Here is what you would need to do;

    if {$request contains "Cookie:"} {
     Append the new cookie to an existing list
    append $request "; $semsession"
} else {
    append $request "Cookie: $smsession"
}
set gotpath 0
HTTP::retry $request

    Jo