Preserving user name and password/passing variables

Question

Hello All,
    Is there any way to hold the user name/password values in a variable using IRules?
Can we pass a variable from IRule to another IRule?
 
ex) 
When going from from http to https triggered by a form action URL, the user name and password ONLY gets across to the https VS, but the realm value is lost and cannot be preserved in the URL.
What do you recommend the best method to post the realm value along with the credentials over https?

ex) Please put in an random username/password

http://www29.qad.com/partnercenter

NOTE: If you view source you will the realm value as hidden and defaulted to "realm1".

Is there way to retain user name and password using IRules and then concatenate the realm value 
to the post URL (i.e. http://www29.qad.com/partnercenter/?username;password,realm1....)

Any help is appreciated.

Thanks in advance.

Regards, 
TRX

hoolio · Answer

Hi TRX, 
&nbsp;  
&nbsp; The login page's form action is pointing to a local URI (/portal/site/partnercenter/template.LOGIN/action.process/).  The web app is redirecting the POST via HTTP to the same URI via HTTPS.  However, this isn't a secure method for accepting the user's credentials as the user has already submitted their username and password over HTTP.  I suggest you change the page that contains the login form to use https.  While you're changing the login form action, you could append the realm1 parameter as a hidden parameter when you redirect the user back to http. 
&nbsp;  
&nbsp; Aaron

trx · Answer

Changing the page that contains the login form to go over https is kind of complicated to do/explain at the moment. So with that said, is it possible to pass variables from IRule to IRule? And is it possible to hold the user name/password in variables using the IRules?  
&nbsp;  
&nbsp; Thanks in advance. 
&nbsp;  
&nbsp; Regards, 
&nbsp; TRX

hoolio · Answer

Hi TRX, &nbsp;
&nbsp; You could use a blank stream profile and STREAM::expression based iRule to rewrite the response content for the login page(s) to change the form action from a local reference to an absolute reference to https.  See the STREAM::expression wiki page for details: &nbsp;
&nbsp; http://devcentral.f5.com/Wiki/default.aspx/iRules/stream__expression &nbsp;
&nbsp; Also, you can save the user/pass to variables in an iRule.  If you need to share them across TCP connections, you could use the session table or in 10.x, you can use tables: &nbsp;
&nbsp; http://devcentral.f5.com/Wiki/default.aspx/iRules/session 
&nbsp; http://devcentral.f5.com/Wiki/default.aspx/iRules/table&nbsp;
&nbsp; Aaron

Forum Discussion

Preserving user name and password/passing variables

Recent Discussions

Help needed with iRule (connection closed log )

AS3 Limitations

Use of SSL Decryption.

VLAN Failsafe Functionality

FTP PASV mode to Extended Passive mode

Related Content

APM variable assign examples

iRules variables in BIG-IP Next: behavior change

Getting Started with iRules: Variables

HTTP POST redirect preserving POST data

iRule variable

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS