For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

karthik_sriniva's avatar
karthik_sriniva
Icon for Nimbostratus rankNimbostratus
Apr 12, 2005

Multiple Auth

Hi,   Can someone post an example on how to do multiple authentication.   For example, first one could be radius auth and the next one could be ldap authentication.     Thank...
application delivery
dev
devops
iRules
Robert_Decker_2's avatar
Robert_Decker_2
Icon for Nimbostratus rankNimbostratus
Mar 10, 2006
I am trying to modify the existing post for ldap only authentication. It will be used in a dual auth rule with SSL. I would like to see what the results are for this instead of sys auth ldap I am currently using. I am having problems with the modified rule included below. The big ip will not contact the ldap server until I click stop in the browser toolbar. Could somebody tell me what I have done incorrectly?

 

 

when CLIENT_ACCEPTED {

 

set ldap_authed 0

 

 

}

 

when HTTP_REQUEST {

 

set username [HTTP::username]

 

set password [HTTP::password]

 

set asid_ldap [AUTH::start pam default_ldap]

 

AUTH::username_credential $asid_ldap $username

 

AUTH::password_credential $asid_ldap $password

 

AUTH::authenticate $asid_ldap

 

HTTP::collect

 

}

 

when AUTH_SUCCESS {

 

if {$asid_ldap eq [AUTH::last_event_session_id]} {

 

set ldap_authed 1

 

}

 

 

if {$ldap_authed == 1} {

 

HTTP::release

 

}

 

 

}

 

when AUTH_FAILURE {

 

if {$asid_ldap eq [AUTH::last_event_session_id] } {

 

HTTP::respond 401

 

}

 

}

 

when AUTH_WANTCREDENTIAL {

 

if {$asid_ldap eq [AUTH::last_event_session_id] } {

 

HTTP::respond 401

 

}

 

}

 

when AUTH_ERROR {

 

if {$asid_ldap eq [AUTH::last_event_session_id] } {

 

HTTP::respond 401

 

}

 

}

 

 

Thank you for your help,

 

Rob