Forum Discussion
Andreia
Cirrus
CirrusiRule - Authorization Bearer / Basic
Hi everyone!
I'm trying to "translate" a postman request to an iRule, however, I need help because I have no idea how to handle this in an iRule.
When the request is of type BasicAuth, origin service now, BIG-IP must send the attribute in the X-HUB-BASIC header to the API address, the value is received from BasicAuth
When the request is of the BearerAuth type, origin service now, BIG-IP must send the API address the attribute in the X-HUB-JWT header, the value is received from BearerAuth.
Thanks in advance.
HTTP_REQUEST is in the request which goes to the backend server, HTTP_RESPONSE is for the response from the server to the client. To correct your iRule:
when HTTP_REQUEST { if { [HTTP::header Authorization] contains "Basic" } { log local0.debug "Basic: [HTTP::header Authorization]" HTTP::insert X-HUB-BASIC "[HTTP::header Authorization]" } elseif { [HTTP::header Authorization] contains "Bearer" } { log local0.debug "Bearer: [HTTP::header Authorization]" HTTP::insert X-HUB-Bearer "[HTTP::header Authorization]" } }
PeteWhiteEmployee
is actually pretty simple - the relevant piece is the Authorization header. For Basic auth, it starts with the term Basic, for Bearer it starts with the term Bearer.
So the first thing to do is to is to create the pseudocode:
if Authorization header contains Basic insert header X-HUB-BASIC with Authorization header elseif Authorization header contains Bearer insert header X-HUB-JWT with Authorization header endifTo do a proof of concept to detect the difference, try this iRule:
when HTTP_REQUEST { if { [HTTP::header Authorization] contains "Basic" } { log local0.debug "Basic: [HTTP::header Authorization]" elseif { [HTTP::header Authorization] contains "Bearer" } { log local0.debug "Bearer: [HTTP::header Authorization]" } }- Andreia
Hi! Thanks for the reply!
That insert wouldn't be inside the HTTP_REQUEST, would it?- PeteWhite
yes, it would. Presumably you want to insert the HTTP header into the request which goes to the backend server.
- Andreia
Yes, I want to insert the header inside the request which goes to the backend server. Actually I don't know if it would be in HTTP_RESPONSE or HTTP_RESPONSE_RELEASE.
Would it be something like this?
when HTTP_RESPONSE {
if { [HTTP::header Authorization] contains "Basic" } {
log local0.debug "Basic: [HTTP::header Authorization]"
HTTP::insert X-HUB-BASIC "[HTTP::header Authorization]"
} elseif { [HTTP::header Authorization] contains "Bearer" } {
log local0.debug "Bearer: [HTTP::header Authorization]"
HTTP::insert X-HUB-Bearer "[HTTP::header Authorization]"
}
}
