For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

michael_61082's avatar
michael_61082
Icon for Nimbostratus rankNimbostratus
May 08, 2010

Single Sign On - Cookie + Basic Auth

I am currently using an ISAPI filter, basic authentication, and a cookie to achieve single sign on for a portfolio of web applications/servers. I'd like to be able to cut out the ISAPI filter for ea...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
May 11, 2010
Hi Michael,

 

 

That seems fairly reasonable to achieve in an iRule. I don't think it would be a simple iRule to start with though. If you want LTM to authenticate the client requests against an LDAP database, you'd need to get the Advanced Client Authentication module. You can check with an F5 salesperson or partner to find out how much that would cost (http://www.f5.com/howtobuy).

 

 

One small note: base64 encoding wouldn't encrypt or secure the username/password. If you want to store the user/pass in a reversible form in a cookie, you'd probably want to encrypt, base64 encode and then URL encode the values.

 

 

http://devcentral.f5.com/wiki/default.aspx/iRules/AES__encrypt.html

 

http://devcentral.f5.com/wiki/default.aspx/iRules/b64encode

 

http://devcentral.f5.com/wiki/default.aspx/iRules/uri__encode

 

 

Aaron