Proxy Auth
Problem this snippet solves:
Offloads proxy authentication to a service such as LDAP.
How to use this snippet:
For the purposes of testing this example I'm using a Universal persistence based on the user that has been authenticated. In reality it would be better to combine this rule with the proxy node hashing iRule elsewhere on DevCentral.
Code :
when CLIENT_ACCEPTED {
    set authinsck 0
    # One PAM auth session per client connection, using the _sys_auth_ldap configuration
    set asid [AUTH::start pam _sys_auth_ldap]
}
when HTTP_REQUEST {
    # "HTTP::header values" returns a Tcl list, so the single value is wrapped in braces:
    # skip the 7 characters of the opening brace plus "Basic " and stop at the closing brace
    set ProxyAuth [b64decode [substr "[HTTP::header values Proxy-Authorization]" 7 "\}"]]
    set ProxyUser [getfield $ProxyAuth ":" 1]
    # Everything after the first colon is the password, which may itself contain colons
    set ProxyPass [string range $ProxyAuth [expr {[string length $ProxyUser] + 1}] end]
    set ProxyUserIP [IP::client_addr]
    log local0. "ProxyUser: $ProxyUser ProxyUserIP: $ProxyUserIP"
    AUTH::username_credential $asid $ProxyUser
    AUTH::password_credential $asid $ProxyPass
    AUTH::authenticate $asid
    # Hold the request until AUTH_SUCCESS releases it
    HTTP::collect
    # Drop any client-supplied copy so the pool only sees the authenticated name
    HTTP::header remove X-Authenticated-User
    HTTP::header insert X-Authenticated-User $ProxyUser
    HTTP::header insert X-Forwarded-For $ProxyUserIP
    persist uie $ProxyUser
}
when HTTP_RESPONSE {
    persist add uie $ProxyUser 3600
}
when AUTH_SUCCESS {
    if {$asid eq [AUTH::last_event_session_id]} {
        set authinsck 1
        HTTP::release
    }
}
when AUTH_FAILURE {
    if {$asid eq [AUTH::last_event_session_id]} {
        HTTP::respond 407 "Proxy-Authenticate" "Basic realm=\"Proxy Service\""
    }
}
when AUTH_WANTCREDENTIAL {
    if {$asid eq [AUTH::last_event_session_id]} {
        HTTP::respond 407 "Proxy-Authenticate" "Basic realm=\"Proxy Service\""
    }
}
when AUTH_ERROR {
    if {$asid eq [AUTH::last_event_session_id]} {
        HTTP::respond 407
    }
}
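As an added example (not part of the original snippet or any F5 code), the following Python reference parser can serve as a test oracle for the Proxy-Authorization value the iRule decodes with `substr` and `getfield`, covering inputs that should end in a 407 rather than an LDAP bind. The function names, the UTF-8 decoding and the rejection rules are this example's assumptions.

```python
import base64


def parse_proxy_basic(header_value):
    """Return (user, password) from a Proxy-Authorization value, or None to answer 407."""
    if not header_value:
        return None                                  # header absent
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None                                  # other scheme, or no token
    try:
        # validate=True rejects characters outside the base64 alphabet.
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:
        return None                                  # not base64, or not UTF-8 (assumed)
    # Split on the FIRST colon only: the password may itself contain colons.
    user, sep, password = decoded.partition(":")
    if not sep or not user:
        return None
    # An empty password turns an LDAP simple bind into an unauthenticated bind
    # (RFC 4513, section 5.1.2), which some directories accept.
    if not password:
        return None
    # The user name is logged and inserted into a request header: no control chars.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in user):
        return None
    return user, password


def basic_header(user_pass):
    """Build a constructed sample header value for the checks below."""
    return "Basic " + base64.b64encode(user_pass.encode("utf-8")).decode("ascii")


# Constructed sample inputs, not captured traffic.
SAMPLES = [
    basic_header("alice:s3cret"),
    basic_header("alice:pa:ss:word"),
    basic_header("alice:"),
    basic_header("bob\r\nX-Authenticated-User: admin:pw"),
    "Bearer abc",
    "Basic !!!notbase64",
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(repr(value), "->", parse_proxy_basic(value))
```
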
Published Mar 18, 2015
Version 1.0
John_McInnes_44
Nimbostratus
Joined May 18, 2006