Forum Discussion

  • Dmitriy_Sysoev - If your post was solved it would be helpful to the community to select *Accept As Solution*.
    This helps future readers find answers more quickly and confirms the efforts of those who helped.
    Thanks for being part of our community.
    Lief

  • Dmitriy_Sysoev  I had some time to play with this.

     

    As the tokens are encrypted, you will need to use a variable assign agent to decrypt them, and then you can display them with sessiondump, in the GUI with a "message box" agent, in the logs with a "Logging" agent, etc. You can even use the API, as the session dump is a Linux command:

    https://community.f5.com/t5/technical-forum/running-bash-commands-via-rest-api/td-p/272516

    https://clouddocs.f5.com/products/orchestration/ansible/devel/modules/bigip_command_module.html

    This article will give you the idea, and by adding the refresh token to the logs, even after the session is over you can see the token in /var/log/apm or in a SIEM if you are sending the logs to a syslog server, but be careful with the security concerns!

     

    https://my.f5.com/manage/s/article/K07645403

    https://my.f5.com/manage/s/article/K11123

     

     

    [root@bigip3:Active:Standalone] config # sessiondump --allkeys | grep token
    e233abe6.session.oauth.client./Common/AS-Opaque-Test.access_token 10 **********
    e233abe6.session.oauth.client./Common/AS-Opaque-Test.refresh_token 10 **********
    e233abe6.session.oauth.client./Common/AS-Opaque-Test.token_type 6 Bearer
    e233abe6.session.oauth.client./Common/access-oauth-client-res_act_oauth_client_ag.access_token 10 **********
    e233abe6.session.oauth.client./Common/access-oauth-client-res_act_oauth_client_ag.refresh_token 10 **********
    e233abe6.session.oauth.client./Common/access-oauth-client-res_act_oauth_client_ag.token_type 6 Bearer
    e233abe6.session.oauth.client.last.access_token 10 **********
    e233abe6.session.oauth.client.last.refresh_token 10 **********
    e233abe6.session.oauth.client.last.token_type 6 Bearer

     


    [root@bigip3:Active:Standalone] config # sessiondump --allkeys | grep custom
    e233abe6.session.client.browscap_info 103 uimode=0&ctype=Mozilla&cversion=5&cjs=1&cactivex=0&cplugin=0&cplatform=Win10&cpu=x64&ccustom_protocol=1
    e233abe6.session.client.custom_protocol 1 1
    e233abe6.session.custom.refresh 64 68bee27f2978728636b7a680063216b40df3c0fc2ce0773ca1ef677e8c4e2169
    [root@bigip3:Active:Standalone] config #
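
Added example, not part of the posts above and not F5 code: once a decrypted token is copied into a custom session variable it shows up unmasked in `sessiondump`, as the last output shows. This bash/awk function audits `sessiondump --allkeys` output for such cleartext copies; the sample dump, the session IDs, the name suffixes and the 32-character threshold are constructed assumptions.

```bash
#!/usr/bin/env bash
# Added example: audit `sessiondump --allkeys` output for cleartext secrets.
# Line format as shown in the thread: <sid>.<variable> <length> <value>

# Reads sessiondump output on stdin and prints "<reason> <sid> <variable> len=N"
# for each unmasked value that looks like a credential. The value itself is
# never printed, so the report can be logged without copying the secret again.
find_cleartext_secrets() {
  awk '
    NF < 3 || $2 !~ /^[0-9]+$/ { next }   # skip prompts and malformed lines
    {
      dot = index($1, ".")
      if (dot == 0) next
      sid = substr($1, 1, dot - 1)
      key = substr($1, dot + 1)
      val = $0                            # value may contain spaces
      sub(/^[ \t]*[^ \t]+[ \t]+[0-9]+[ \t]+/, "", val)
      if (val ~ /^\*+$/) next             # still masked in the dump
      reason = ""
      # Assumed heuristics: name suffixes and a 32-character threshold.
      if (key ~ /(access_token|refresh_token|secret|password)$/)
        reason = "sensitive-name"
      else if (length(val) >= 32 && val ~ "^[A-Za-z0-9._~+/=-]+$")
        reason = "token-like-value"
      if (reason != "")
        printf "%s %s %s len=%d\n", reason, sid, key, length(val)
    }'
}

# Constructed sample input (not real session data).
sample_dump() {
  cat <<'EOF'
[root@bigip:Active:Standalone] config # sessiondump --allkeys
aaaa1111.session.oauth.client.last.access_token 10 **********
aaaa1111.session.oauth.client.last.token_type 6 Bearer
aaaa1111.session.client.browscap_info 22 uimode=0&ctype=Mozilla
aaaa1111.session.custom.refresh 64 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
bbbb2222.session.custom.refresh_token 12 short-secret
EOF
}

# On a BIG-IP: sessiondump --allkeys | find_cleartext_secrets
sample_dump | find_cleartext_secrets
```

Any variable it reports is also what a "Logging" agent would write to /var/log/apm or forward to syslog, so the same names are worth checking in the access policy before enabling token logging.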