Client Auth Using HTTP Cookie
Problem this snippet solves:
This is an example using HTTP cookie for authentication. If authentication is successful, a cookie will be sent to client. If next time, the AUTH cookie is present and valid, client will be passed immediately without being checked with AAA server. The cookie name, password, domain should be properly modified by user. This rule is for radius AUTH. If replacing radius with ldap or tacacs, it works too.
Code :
when CLIENT_ACCEPTED { set authinsck 0 set forceauth 1 set ckname BIGXAUTH set ckpass 1xxx5678 set ckvalue [IP::client_addr] set ckdomain .y.z set asid [AUTH::start pam default_radius] } when HTTP_REQUEST { if {[HTTP::cookie exists $ckname]} { HTTP::cookie decrypt $ckname $ckpass 128 if {[HTTP::cookie value $ckname] eq $ckvalue} { set forceauth 0 } HTTP::cookie remove $ckname } if {$forceauth eq 1} { AUTH::username_credential $asid [HTTP::username] AUTH::password_credential $asid [HTTP::password] AUTH::authenticate $asid HTTP::collect } } when HTTP_RESPONSE { if {$authinsck eq 1} { HTTP::cookie insert name $ckname value $ckvalue path / domain $ckdomain HTTP::cookie secure $ckname enable HTTP::cookie encrypt $ckname $ckpass 128 } } when AUTH_SUCCESS { if {$asid eq [AUTH::last_event_session_id]} { set authinsck 1 HTTP::release } } when AUTH_FAILURE { if {$asid eq [AUTH::last_event_session_id]} { HTTP::respond 401 "WWW-Authenticate" "Basic realm=\"\"" } } when AUTH_WANTCREDENTIAL { if {$asid eq [AUTH::last_event_session_id]} { HTTP::respond 401 "WWW-Authenticate" "Basic realm=\"\"" } } when AUTH_ERROR { if {$asid eq [AUTH::last_event_session_id]} { HTTP::respond 401 } }
- swo0sh_gt_13163AltostratusCan I make it working with Local Database? I mean configuring Data group with Username and Password hash? If yes, any examples? Thank you!
- Tosin_OmojolaAltostratus
I have an application which has a link to BIGIP on its webtop. When the BIGIP app link is clicked on the webtop, I want BIGIP to verify user session coming from there before passing it on to the servers its loadbalancing.
If the user is not authenticated, he should be redirected to the login page otherwise, grant access to the resource.
Please How can I achieve that with this code snippet or other? Thanks
- Tosin_OmojolaAltostratus
I guess this page is not monitored for user comments and questions...
- Habib_Ulla_KhanNimbostratus
I have a VIP (no apm). this is application used in ipad. Once user logins to ipad he gets buttons to navigate to different application (which are vip with APM). As user is already logged into main application. Anytime he clicks on buttons (links to different application), he should get cookie authentication. Where will i apply this irule.. Should i apply on main VIP or applications which are referred as buttons.