Forum Discussion

coriolis_75734's avatar
coriolis_75734
Icon for Nimbostratus rankNimbostratus
Jul 27, 2017

SSO using JSON POST?

Is it possible using APM to create a JSON payload containing the username/password to be used on particular start URIs? We have an app which requires this as the POST on the sign in page and i'm trying to SSO with the known user credentials.

 

  • further information:

    JSON:

     

    {"parameters":[{"name":"CAMNamespace","value":"NamespaceName"},{"name":"h_CAM_action","value":"logonAs"},{"name":"CAMUsername","value":"USERNAME"},{"name":"CAMPassword","value":"PASSWORD"}]}

     

     

  • Josiah_39459's avatar
    Josiah_39459
    Historic F5 Account

    Does the app have a logon page? If there is a logon page then formsv2 should work in most instances. It works just like a user would logging into the page and automatically submitting the form.

     

    If the ONLY way to logon is posting JSON to a specific url (and there is no UI interface for it), you could still do that via a sideband irule.

     

  • Hi,

     

    You can use an irule to build a POST request with JSON payload and send it using the sideband commands.

     

    You can also use an HTTP Authentication object (in AAA tab) and build your request headers and payload. HTTP Authentication can be triggered from within the VPE only.

     

    If you need to trigger the SSO after authentication process complete, you can only use an irule or iruleLX.

     

    Yann

     

  • Where can I find out more on this? I have apps with their own login page, one is mobile, I need to secure these with APM. I realize this isn't a checkbox solution but where can I find info on how to do the steps in the process?

     

    There are several threads where someone is doing the same, with no answers. I've been working, trial and error with a mobile app, trying to capture the creds and submit to the mobile app server. There's a lot of trial and error. Documentation on this process would be great.

     

  • Hi,

     

    As I mentioned Yann, the use of SIDEBAND is a good compromise for this kind of situation. in the past I already had to make irules to overcome this problem because basic SSO profiles did not meet my needs.

     

    and in some cases in addition to the SSO I had to replay some headers (CSRF).

     

    now I have gained some comfort for this kind of need so if you need help on the subject I can bring it to you (Try to built an irule).

     

    Keep me in touch.

     

    Regards

     

    • schmuck's avatar
      schmuck
      Icon for Nimbostratus rankNimbostratus

      Hi  ,

      Can you explain how you did this with the sideband rule?

  • Hi, Josiah may refer to Form Based SSO or Client Initiated Form Based SSO. Those are the only two options available for HTTP forms SSO. Traditional Forms SSO can fit if there is no dynamic hidden input in the form. Client Initiated Forms SSO help when Traditional Forms SSO won't works.

     

    Hope it helps

     

    Yann

     

  • Hello guys

    I'm have a problem in the forum based which I think it is related to this topic

    Using APM v13.1, When I create a forum based for a web application configured in the portal access, I got this error message from the web application:

     

    {"Message":"The request entity's media type 'application/x-www-form-urlencoded' is not supported for this resource."}

     

    Does this mean I should customize the web application code to accept: x-www-form-urlencoded for the forum based to work ?

    Thanks

    • Abhisar's avatar
      Abhisar
      Icon for Nimbostratus rankNimbostratus

      Hi

       

      I an facing same issue? You were able to fix? Can you share steps.

       

      thanks