
Problem this snippet solves:

This iRule uses an HTTP cookie for authentication. When authentication succeeds, a cookie is sent to the client. On later requests, if the AUTH cookie is present and valid, the client is passed through immediately without being checked against the AAA server. In this rule, valid means that the decrypted cookie value equals the client's IP address. Change the cookie name, password, and domain to suit your environment. The rule is written for RADIUS authentication; it also works if you replace RADIUS with LDAP or TACACS.

Code :

when CLIENT_ACCEPTED {
    # Per-connection state. Change the cookie name, password and domain for your site.
    set authinsck 0                 ;# 1 = insert the auth cookie in the next response
    set forceauth 1                 ;# 1 = client must authenticate against the AAA server
    set ckname BIGXAUTH
    set ckpass 1xxx5678
    set ckvalue [IP::client_addr]   ;# cookie plaintext is the client IP address
    set ckdomain .y.z
    set asid [AUTH::start pam default_radius]
}
when HTTP_REQUEST {
    if {[HTTP::cookie exists $ckname]} {
        # Decrypt the cookie and compare it with this connection's client IP
        HTTP::cookie decrypt $ckname $ckpass 128
        if {[HTTP::cookie value $ckname] eq $ckvalue} {
            set forceauth 0
        }
        # Do not pass the auth cookie on to the pool member
        HTTP::cookie remove $ckname
    }
    if {$forceauth eq 1} {
        # No valid cookie: check the HTTP Basic credentials with the AAA server
        AUTH::username_credential $asid [HTTP::username]
        AUTH::password_credential $asid [HTTP::password]
        AUTH::authenticate $asid
        # Hold the request until an AUTH_* event fires
        HTTP::collect
    }
}
when HTTP_RESPONSE {
    if {$authinsck eq 1} {
        # Authentication succeeded: send the encrypted cookie, HTTPS only
        HTTP::cookie insert name $ckname value $ckvalue path / domain $ckdomain
        HTTP::cookie secure $ckname enable
        HTTP::cookie encrypt $ckname $ckpass 128
    }
}
when AUTH_SUCCESS {
    if {$asid eq [AUTH::last_event_session_id]} {
        set authinsck 1
        # Let the held request continue to the pool
        HTTP::release
    }
}
when AUTH_FAILURE {
    if {$asid eq [AUTH::last_event_session_id]} {
        HTTP::respond 401 "WWW-Authenticate" "Basic realm=\"\""
    }
}
when AUTH_WANTCREDENTIAL {
    if {$asid eq [AUTH::last_event_session_id]} {
        HTTP::respond 401 "WWW-Authenticate" "Basic realm=\"\""
    }
}
when AUTH_ERROR {
    if {$asid eq [AUTH::last_event_session_id]} {
        HTTP::respond 401
    }
}
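
Because the encrypted cookie value in the rule above is only the client IP address, the cookie is accepted for as long as the client presents it from the same address. The variant below is an added example, not part of the original snippet or F5's own code: it stores an issue time next to the IP and rejects cookies older than a limit. The names ckip and ckmaxage, the "ip|issue-time" layout, the 3600-second lifetime and the per-request reset of forceauth are assumptions made for illustration.

```tcl
when CLIENT_ACCEPTED {
    set authinsck 0
    set ckname BIGXAUTH
    set ckpass 1xxx5678          ;# placeholder from the page; replace it
    set ckdomain .y.z
    set ckmaxage 3600            ;# assumed cookie lifetime in seconds (hypothetical)
    set ckip [IP::client_addr]
    set asid [AUTH::start pam default_radius]
}
when HTTP_REQUEST {
    set forceauth 1              ;# decided per request, so expiry also applies on keep-alive
    if {[HTTP::cookie exists $ckname]} {
        HTTP::cookie decrypt $ckname $ckpass 128
        set parts [split [HTTP::cookie value $ckname] "|"]   ;# assumed layout: ip|issue-time
        set issued [lindex $parts 1]
        # Accept only: two fields, same client IP, numeric issue time, age from 0 up to ckmaxage
        if {[llength $parts] == 2 && [lindex $parts 0] eq $ckip
            && [string is integer -strict $issued] && [clock seconds] - $issued >= 0
            && [clock seconds] - $issued < $ckmaxage} {
            set forceauth 0
        }
        HTTP::cookie remove $ckname
    }
    if {$forceauth} {
        AUTH::username_credential $asid [HTTP::username]
        AUTH::password_credential $asid [HTTP::password]
        AUTH::authenticate $asid
        HTTP::collect
    }
}
when HTTP_RESPONSE {
    if {$authinsck} {
        HTTP::cookie insert name $ckname value "$ckip|[clock seconds]" path / domain $ckdomain
        HTTP::cookie secure $ckname enable
        HTTP::cookie encrypt $ckname $ckpass 128
        set authinsck 0          ;# issue one cookie per successful authentication
    }
}
when AUTH_SUCCESS {
    if {$asid eq [AUTH::last_event_session_id]} { set authinsck 1; HTTP::release }
}
when AUTH_FAILURE {
    if {$asid eq [AUTH::last_event_session_id]} { HTTP::respond 401 "WWW-Authenticate" "Basic realm=\"\"" }
}
when AUTH_WANTCREDENTIAL {
    if {$asid eq [AUTH::last_event_session_id]} { HTTP::respond 401 "WWW-Authenticate" "Basic realm=\"\"" }
}
when AUTH_ERROR {
    if {$asid eq [AUTH::last_event_session_id]} { HTTP::respond 401 }
}
```
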
Comments
swo0sh_gt_13163
Altostratus
Can I make it work with Local Database? I mean configuring a Data group with Username and Password hash? If yes, any examples? Thank you!
Tosin_Omojola
Altostratus

I have an application which has a link to BIGIP on its webtop. When the BIGIP app link is clicked on the webtop, I want BIGIP to verify the user session coming from there before passing it on to the servers it's load balancing.

If the user is not authenticated, he should be redirected to the login page; otherwise, grant access to the resource.

Please, how can I achieve that with this code snippet or another? Thanks

Tosin_Omojola
Altostratus

I guess this page is not monitored for user comments and questions...

Habib_Ulla_Khan
Nimbostratus

I have a VIP (no APM). This is an application used on an iPad. Once the user logs in to the iPad, he gets buttons to navigate to different applications (which are VIPs with APM). As the user is already logged in to the main application, any time he clicks on the buttons (links to different applications), he should get cookie authentication. Where will I apply this iRule? Should I apply it on the main VIP or on the applications which are referred to as buttons?

Version history
Last update: 16-Mar-2015 16:04