SSO authentication for web server with iRule

Question

Here i use Client Auth Using Http Cookie iRule 
&nbsp; ---------------------------------- 
&nbsp; when CLIENT_ACCEPTED { 
&nbsp;         set authinsck 0 
&nbsp;         set forceauth 1 
&nbsp;         set ckname BIGXAUTH 
&nbsp;         set ckpass 1xxx5678 
&nbsp;         set ckvalue [IP::client_addr] 
&nbsp;         set ckdomain .Acme.com 
&nbsp;         set asid [AUTH::start pam default_ldap] 
&nbsp; } 
&nbsp; when HTTP_REQUEST { 
&nbsp;         if {[HTTP::cookie exists $ckname]} { 
&nbsp;                 HTTP::cookie decrypt $ckname $ckpass 128 
&nbsp;                 if {[HTTP::cookie value $ckname] eq $ckvalue} { 
&nbsp;                         set forceauth 0 
&nbsp;                 } 
&nbsp;                 HTTP::cookie remove $ckname 
&nbsp;         } 
&nbsp;         if {$forceauth eq 1} { 
&nbsp;                 AUTH::username_credential $asid [HTTP::username] 
&nbsp;                 AUTH::password_credential $asid [HTTP::password] 
&nbsp;                 AUTH::authenticate $asid 
&nbsp;                 HTTP::collect 
&nbsp;         } 
&nbsp; } 
&nbsp; when HTTP_RESPONSE { 
&nbsp;         if {$authinsck eq 1} { 
&nbsp;                 HTTP::cookie insert name $ckname value $ckvalue path / domain $ckdomain 
&nbsp;                 HTTP::cookie secure $ckname enable 
&nbsp;                 HTTP::cookie encrypt $ckname $ckpass 128 
&nbsp;         } 
&nbsp; } 
&nbsp; when AUTH_SUCCESS { 
&nbsp;         if {$asid eq [AUTH::last_event_session_id]} { 
&nbsp;                 set authinsck 1 
&nbsp;                 HTTP::release 
&nbsp;         } 
&nbsp; } 
&nbsp; when AUTH_FAILURE { 
&nbsp;    if {$asid eq [AUTH::last_event_session_id]} { 
&nbsp;            HTTP::respond 401 "WWW-Authenticate" "Basic realm=\"\"" 
&nbsp;    } 
&nbsp; } 
&nbsp; when AUTH_WANTCREDENTIAL { 
&nbsp;    if {$asid eq [AUTH::last_event_session_id]} { 
&nbsp;            HTTP::respond 401 "WWW-Authenticate" "Basic realm=\"\"" 
&nbsp;    } 
&nbsp; } 
&nbsp; when AUTH_ERROR { 
&nbsp;    if {$asid eq [AUTH::last_event_session_id]} { 
&nbsp;                 HTTP::respond 401 
&nbsp;    } 
&nbsp; } 
&nbsp; -------------------------------------------- 
&nbsp; This Irule use for ldap auth. 
&nbsp; I create Acme.com domain 
&nbsp; So what changes required for cookie name &amp; password &amp; domain for successfull Auth using HTTP cookie 
&nbsp;  
&nbsp;

hoolio · Answer

Did you test the above rule?  If so, what were the results? 
&nbsp;  
&nbsp; The above iRule gets the username and password from the basic auth header.  If you want to parse the username and password from a different component, you could replace [HTTP::username] and [HTTP::password] with the commands you use to parse the user/pass. 
&nbsp;  
&nbsp; If I've missed your question, can you elaborate on what you're trying to accomplish, what you've tried and what's not working? 
&nbsp;  
&nbsp; Thanks, 
&nbsp; Aaron

kris_52344 · Answer

i want to impliment single sign-on for the ldap authentication so whether that iRule is working fine or not 
&nbsp; and if yes then what chngesg i have to do in that iRule 
&nbsp; for cookie name, password and domain

Forum Discussion

SSO authentication for web server with iRule

Recent Discussions

Big IP DNS Failover

AS3 Limitations

Diameter iRules attachment?

Help needed with iRule (connection closed log )

Use of SSL Decryption.

Related Content

Simple HTTP Authentication server

RADIUS server authenticating user with Google Authenticator

SSL Profiles Part 9: Server Authentication

iControl REST Authentication Token Management

iRule based RADIUS Server Stack

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS