For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Sample Slack App for testing Mutual TLS with BIG-IP

Problem this snippet solves:

This Slack App was used with the following Code Snippet to test Mutual TLS.


This code was adapted from: https://api.slack.com/tutorials/tunneling-with-ngrok 

How to use this snippet:

npm install express

npm install request

node index.js (or whatever you name it)


Create a pool that points to the IP:Port where it is running (defaults to listening on 4390).


Once you add the app (follow the tutorial from above, but use a different command name like /mtls). Unlike the tutorial you will cover a "real" SSL certificate on the BIG-IP (must be publicly accessible from Slack's servers). Follow-up article with more details will be posted in the future.

Code :

// Import express and request modules
require('dotenv').config()
var express = require('express');
var request = require('request');
var querystring = require('querystring');

// Instantiates Express and assigns our app variable to it
var app = express();
//app.use(express.json());
app.use(express.urlencoded({ extended: true }));


// Again, we define a port we want to listen to
const PORT=4390;

// Lets start our server
app.listen(PORT, function () {
    //Callback triggered when server is successfully listening. Hurray!
    console.log("Example app listening on port " + PORT);
});


// This route handles GET requests to our root demo address and responds with the same "Demo is working message" we used before
app.get('/', function(req, res) {
    res.send('Demo is working! Path Hit: ' + req.url);
});

// This route handles get request to a /oauth endpoint. We'll use this endpoint for handling the logic of the Slack oAuth process behind our app.
app.get('/oauth', function(req, res) {
    // When a user authorizes an app, a code query parameter is passed on the oAuth endpoint. If that code is not there, we respond with an error message
    if (!req.query.code) {
        res.status(500);
        res.send({"Error": "Looks like we're not getting code."});
        console.log("Looks like we're not getting code.");
    } else {
        // If it's there...

        // We'll do a GET call to Slack's `oauth.access` endpoint, passing our app's client ID, client secret, and the code we just got as query parameters.
        request({
            url: 'https://slack.com/api/oauth.access', //URL to hit
            qs: {code: req.query.code, client_id: process.env.CLIENT_ID, client_secret: process.env.CLIENT_SECRET}, //Query string data
            method: 'GET', //Specify the method

        }, function (error, response, body) {
            if (error) {
                console.log(error);
            } else {
                res.json(body);

            }
        })
    }
});

// Route the endpoint that our slash command will point to and send back a simple response to indicate that ngrok is working
app.post('/command', function(req, res) {
    var certSan = req.get('X-Client-Certificate-SAN');
    if(certSan) {
        var cert = req.get('X-Client-Certificate');

        var formattedCert = '';
        for(i=0;i
Tested this on version:
13.0
Published Aug 29, 2019
Version 1.0
application delivery
BIG-IP
security
slack
No CommentsBe the first to comment