For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Squeak's avatar
Squeak
Icon for Cirrus rankCirrus
Oct 06, 2021

Send cookie to client after authenticated by APM

Hi,

 

I´ve a scenario that requires that the APM sends a cookie back to the client after the user has been authenticated by the APM but before the user "hits" the backend server.

 

Normally I would have use the "when HTTP_RESPONSE" to insert the cookie to the client but  that requires the traffic has been sent by the backend server.     

 

//Cheers Mikael

 

application delivery
BIG-IP Access Policy Manager (APM)
iRules

3 Replies

  • kgaigl's avatar
    kgaigl
    Icon for Cirrocumulus rankCirrocumulus
    Oct 18, 2021

    we've an IRule like this:

    when ACCESS_ACL_ALLOWED {
   set user [ACCESS::session data get "session.logon.last.username"]
}
when HTTP_REQUEST_RELEASE {
               HTTP::header insert "X-Forwarded-User" $user
}
when HTTP_RESPONSE_RELEASE {
    log local0. "[HTTP::status] [HTTP::header "Location"]"
}

    so maybe you can change this to your needs, for example instead of "header insert" "cookie insert"

    • Squeak's avatar
      Squeak
      Icon for Cirrus rankCirrus
      Oct 18, 2021

      Hi kgaigl and thank you for your reply.

      I want the APM to send back a cookie after the client are authenticated but before the client reaches the backend server, so I can´t use 

      when HTTP_RESPONSE_RELEASE

      or 

      when HTTP_RESPONSE

      Any more ideas?

      //Mikael

  • kgaigl's avatar
    kgaigl
    Icon for Cirrocumulus rankCirrocumulus
    Oct 18, 2021
    when ACCESS_ACL_ALLOWED

    is when the Client is authenticated