22-Apr-2020 10:12
Hi,
I am trying to do form based HTTP authentication. Form method is POST. I did wireshark (when connecting to server directly) and HTML form includes:
username
password
_token
submit
Username and password is OK. Submit is sent empty. The problem I have is with parameter _token. This parameter is taken from HTML response when entering the site: <meta name="csrf-token" content="MrMacUlmD6vlcdZsuVP8csCakwAwXXgqaDqaIO1Q">\n and sent back during the authentication.
My question is: how get the token variable to the POST? Using iRules? Or is there easier way of doing it?
thank you
29-Apr-2020 11:11
there are two types of form based SSO (you are doing SSO right?)
you might want the client initiated one, there you wouldnt have to worry about the csrf-token issue
https://techdocs.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-sso-13-0-0/25.html
27-Apr-2022 09:14