For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

david78's avatar
david78
Icon for Nimbostratus rankNimbostratus
Oct 06, 2011

Log username with SSO ...

Hi,

 

 

To log the username i used this iRules :

 

 

when HTTP_REQUEST {

 

set client_username "[HTTP::username]"

 

}

 

 

But with the SSO, the client don't send the autorization header, but the SSO's cookie...

 

==> my iRules failed :(

 

 

It's there an another way to get the username ?

 

 

application delivery
dev
devops
iRules

5 Replies

  • david78's avatar
    david78
    Icon for Nimbostratus rankNimbostratus
    Oct 11, 2011
    No one can help me ? :'(

     

     

    Is there another way to get ID ?
  • Brian_69413's avatar
    Brian_69413
    Icon for Nimbostratus rankNimbostratus
    Oct 11, 2011
    If the username is encrypted with Kerberos, then the F5 will not be able to extract it. I don't think this can be done without some engineering of the app, but someone may have another idea.
  • c_p_i_o_17707's avatar
    c_p_i_o_17707
    Historic F5 Account
    Oct 11, 2011
    Are you running v11?

     

    If yes, do you have AUTHENTICATION module licensed?

     

    If yes, you should be able to get this information by configuring APM and making use of ACCESS::user command.

     

    APM has kerberos support builtin.

     

     

    This is documented here.

     

    http://devcentral.f5.com/wiki/iRules.ACCESS__user.ashx

     

     

    Hope this helps.

     

  • david78's avatar
    david78
    Icon for Nimbostratus rankNimbostratus
    Oct 12, 2011

    hi,

     

     

    thank you for your response.

     

    Yes, i have v11 & APM, but I don't understand how works ACCESS::user command :(

     

     

    I found something else :

     

    set client_username [ACCESS::session data get session.logon.last.username]

     

     

     

    And i work :D