Forum Discussion

Chris_Kozloski_'s avatar
Chris_Kozloski_
Icon for Nimbostratus rankNimbostratus
Jun 27, 2017

iRule to Check for Bearer Token in Auth Headers

I have a requirement where I need to be able to check and see if an oauth bearer token exists in the authentication headers before I pass it to the backside server(s).

 

Right now we are running 11 code and even if we upgrade to 13, we have an oauth environment already and do not want to use F5 to handle the authentication piece. We only need to be able to verify that the client has a token and that the client cert is valid.

 

Essentially, I would like to do the following:

 

  1. Check HTTP Authorization headers for Bearer and make sure that Bearer has a value
  2. If Bearer has a value then check that the client certificate fingerprint matches a class list of allowed fingerprints.
  3. If this passes then allow the traffic to a gateway behind the F5's that will verify the OAUTH token against the authentication source.
  4. If either of these fails, reject the traffic and send a generic error back to client.

Any help to be able to accomplish this via an iRule would be greatly appreciated.

 

  • Hi,

     

    You can try this code for step 1 :

     

    when HTTP_REQUEST {
        if { [HTTP::header exists Authorization] and [HTTP::header Authorization] contains "Bearer" and [getfield [HTTP::header Authorization] " " 2] != "" } {
         some code
        }
    }
    • shadi_darwish's avatar
      shadi_darwish
      Icon for Nimbostratus rankNimbostratus

      ​how can I load balance with persistence using Bearer Token in Auth Headers