CirrusWe've got four Big-IP pairs, two running 11.6.1 and two running 12.1.3.2. When we connect to the API we get a token in the response but the they're different lengths. The 11.6.1 Big-IPs return a 128 character token while the 12.1.3.2 boxes return a 26 character token.
Searching hasn't helped. Does anyone know why the token is shorter or if there's a setting somewhere that I can tweak to make my security folks happy?
Thanks
CirrostratusWhich API you mention on BIG-IP?
CirrusPer the instructions here: Authentication and Authorization
I'm hitting /mgmt/shared/authn/login. The code and returned tokens are shown below. Only difference is length.
curl --location --request POST 'https://v11_6_1-Big-IP/mgmt/shared/authn/login' \
--header 'Content-Type: application/json' \
--header 'Authorization: Basic 'xxxxxxxxxxxxxxxxxxxxxxxx' \
--data-raw '{
"username":"USER",
"password":"PASSWORD",
"loginProviderName":"tmos"
}'
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
curl --location --request POST 'https://v12_1_3_2-Big-IP/mgmt/shared/authn/login' \
--header 'Content-Type: application/json' \
--header 'Authorization: Basic xxxxxxxxxxxxxxxxxxxxxxxx' \
--data-raw '{
"username":"USER",
"password":"PASSWORD",
"loginProviderName":"tmos"
}'
XXXXXXXXXXXXXXXXXXXXXXXXXX
CirrostratusHi,
From my reserach about iControl REST API Guide on both version. It doesn't mention about API Token length.
Normally if document not said anything. It mean you cannot change / modify, cause it seem like a hardcode in F5 software.
To make sure, please open case to F5 support. I think support can help you to answer.
CirrusThanks, I did open a support case and they're still looking into it.
CirrusFYI, Support went off to the dev team and eventually they did say that the token generation was changed to be both shorter and more secure.