Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

APM HTTP auth

PeterM
Nimbostratus
Nimbostratus

‎22-Apr-2020 10:12

Hi,

I am trying to do form based HTTP authentication. Form method is POST. I did wireshark (when connecting to server directly) and HTML form includes:

username

password

_token

submit

 

Username and password is OK. Submit is sent empty. The problem I have is with parameter _token. This parameter is taken from HTML response when entering the site:   <meta name="csrf-token" content="MrMacUlmD6vlcdZsuVP8csCakwAwXXgqaDqaIO1Q">\n and sent back during the authentication.

 

My question is: how get the token variable to the POST? Using iRules? Or is there easier way of doing it?

 

thank you

Labels:
0 Kudos
4 REPLIES 4

boneyard
MVP
MVP

‎29-Apr-2020 11:11

there are two types of form based SSO (you are doing SSO right?)

 

you might want the client initiated one, there you wouldnt have to worry about the csrf-token issue

 

https://techdocs.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-sso-13-0-0/25.html

PeterM
Nimbostratus
Nimbostratus

‎12-May-2020 04:26

Hi, no, I used Access -> Authentication -> HTTP. But if SSO is better then I use it.

0 Kudos

Manideep
Nimbostratus
Nimbostratus

‎19-Apr-2022 06:46

I got the same issue, any solution on this?

0 Kudos

Manideep
Nimbostratus
Nimbostratus

‎27-Apr-2022 09:14

I am using form based SSO, and I tried pass csrf_token as hidden parameter, still I am getting 403 forbidden error - CSRF verification failed. Request aborted. 

Hidden parameters - csrf_token submit

 

Preview file
4 KB
0 Kudos
Copyright © 2023 Khoros, LLC