Forum Discussion

keda's avatar
keda
Icon for Nimbostratus rankNimbostratus
Feb 21, 2023

iRule - jwt is generated prior to authentication

Hoping you guys could shed some light on this, all our efforts have failed so far Scenario: Client hits https://service.com/example Initial uri is stored in an sessions variable called session.se...
application delivery
irule
jwt
saml
SSO
  • keda's avatar
    keda
    Feb 23, 2023

    Thanks Lucas_Thompson for helping out. ACCESS_ACL_ALLOWED did not help but your input lead us to try ACCESS_POLICY_AGENT_EVENT with a different approach and it appears to have done the trick!

    Thanks again

Lucas_Thompson's avatar
Lucas_Thompson
Icon for Employee rankEmployee

Hi Keda, it sounds like an interesting use case. As you've found, a per-session policy only executes a single time at the beginning.

To make the code execute upon every request, you can use Per-Request policies (and call your irule from there) or you can use iRules (use the ACCESS_ACL_ALLOWED event so you're inside the user's session context). In either Per-Request or iRules you can append an HTTP header to the user's request. Use the "http header replace" function (https://clouddocs.f5.com/api/irules/HTTP__header.html), as it will replace any existing and potentially incorrect user-supplied header.

keda's avatar
keda
Icon for Nimbostratus rankNimbostratus
Feb 23, 2023

Thanks Lucas_Thompson for helping out. ACCESS_ACL_ALLOWED did not help but your input lead us to try ACCESS_POLICY_AGENT_EVENT with a different approach and it appears to have done the trick!

Thanks again