cancel
Showing results for 
Search instead for 
Did you mean: 

API Endpoint on LTM

Mick
Altocumulus
Altocumulus

Hi

 

I'm trying to come up with a solution to meet the following flow/requirement:

 

  1. LTM presents a VIP that is an API endpoint for a web server
  2. Client requests authentication using json body, e.g. https://1.2.3.4:443/api/auth  -H 'Content-Type = application/json'  -d '{ "username": "testuser", "password": "testpwd", "clientContext": 1 }'
  3. APM does LDAP authorization on behalf of the web server using the username and password in the body
  4. Once authorized, F5 provides token/cookie to client for further API calls.

 

I have tried various combinations of solutions but cannot find a way to do this simply. Looked at API endpoint protection, APM policies, iRules, can't seem to get this simple use case working...

 

Thanks

Mick

2 REPLIES 2

Hi ,

 

I think you could use iRulesLX to parse the JSON body, set username and password as APM session variables, do LDAP Auth and then F5 sends the APM session cookie to the client.

 

KR

Daniel 

Mick
Altocumulus
Altocumulus

thanks I ended up getting this working with an irule