Forum Discussion

Nimbostratus

Oct 03, 2013

How to use APM external logon pages?

Hi, I need to authenticate users accessing to my web application. To do that i'm using an authentication profile with the built-in logon page (linked with a radius server). It's working perfectly. Bu...

application delivery

BIG-IP Access Policy Manager (APM)

Nimbostratus

Dec 19, 2014

To anyone else looking to achieve this, I was able to do it using an iRule provided by an F5 resource:

start of irule

when RULE_INIT { must recognize attempts to login to application (e.g., CareLink) set static::login_action "/EpicCareLink/common/epic_check.asp" set static::uid_field "Account_ID" }

when HTTP_REQUEST { set savecreds false if {([HTTP::uri] eq $static::login_action) && ([HTTP::method] eq "POST")} { client is attempting application login, so we will save the username set savecreds true set uid "" set clen [HTTP::header Content-Length] set clen [expr {(($clen eq "") || ($clen > 10240)) ? 10240 : $clen}] if {$clen > 0} { HTTP::collect $clen } return } }

when HTTP_REQUEST_DATA { foreach field [split [HTTP::payload] "&"] { foreach {n v} [split $field "="] { if {$n eq $static::uid_field} { set uid [URI::decode $v] } } if {$uid ne ""} { break } } HTTP::release }

when ACCESS_ACL_ALLOWED { if { $savecreds } { ACCESS::session data set session.custom.carelinkusername $uid } }

end of irule

kmurphy_130520
Nimbostratus
Dec 19, 2014
sorry the format was absolutely butchered there. If a moderator could edit that into a code block that'd be great. Thanks

DenisG_22372

Historic F5 Account

Jul 29, 2016

when RULE_INIT {
    must recognize attempts to login to application (e.g., CareLink) 
    set static::login_action "/EpicCareLink/common/epic_check.asp" 
    set static::uid_field "Account_ID" }

when HTTP_REQUEST {
    set savecreds false
    if {([HTTP::uri] eq $static::login_action) && ([HTTP::method] eq "POST")} {
        client is attempting application login, so we will save the username 
        set savecreds true 
        set uid "" 
        set clen [HTTP::header Content-Length] 
        set clen [expr {(($clen eq "") || ($clen > 10240)) ? 10240 : $clen}] 
        if {$clen > 0} { HTTP::collect $clen } 
        return
    }
}

when HTTP_REQUEST_DATA {
    foreach field [split [HTTP::payload] "&"] {
        foreach {n v} [split $field "="] {
            if {$n eq $static::uid_field} {
                set uid [URI::decode $v] 
            }
        }
        if {$uid ne ""} { break }
    }
    HTTP::release
}

when ACCESS_ACL_ALLOWED {
    if { $savecreds } {
        ACCESS::session data set session.custom.carelinkusername $uid
    }
}

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)