Form Based Authentication with Tomcat not working on F5

DanielK · ‎03-Nov-2022

I have a virtual Server on the BigIP with a SSL client profile. The backend Tomcat server is accessible via http and offers the Tomcat form based authentication.

I always get "Wrong Username or Password"

It seems the Tomcat responds with status 302 and redirects to a http url, but even when enabling rewriting to https i can´t get it work. It seems the session information oder cookie gets lost but i am stuck in analysis. As the Tomcat form based authentication is a standard i wonder if someone is using this and got it working.

Kind regards

Daniel

DanielK · ‎06-Nov-2022

Thanks for your help!

We found a knowledgebase article within oracle regarding weblogic tomcat:

https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=374373149006457&id=2139594.1&_adf.ct...

and removed the referer header with this iRule:

when HTTP_REQUEST { if { [HTTP::path] ends_with "/j_security_check" } { HTTP::header remove "Referer" } }

View solution in original post

Dario_Garrido · ‎04-Nov-2022

Hello @DanielK,

It's difficult to troubleshoot this only using the description above, but I will try to give some tips that could be helpful in order to get a solution.

1. Does the backend server require to use a persistence profile in the F5 to track the cookie?
2. Use OneConnect, sometimes it helps to fix some rare conditions.
3. Take a PCAP a try to figure out what the difference is between accessing through the VS and directly.

Regards,
Dario.

DanielK · ‎06-Nov-2022