Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 

Form Based Authentication with Tomcat not working on F5

DanielK
Nimbostratus
Nimbostratus

I have a virtual Server on the BigIP with a SSL client profile. The backend Tomcat server is accessible via http and offers the Tomcat form based authentication.

I always get "Wrong Username or Password"

It seems the Tomcat responds with status 302 and redirects to a http url, but even when enabling rewriting to https i can´t get it work. It seems the session information oder cookie gets lost but i am stuck in analysis. As the Tomcat form based authentication is a standard i wonder if someone is using this and got it working.

 

Kind regards

Daniel 

1 ACCEPTED SOLUTION

DanielK
Nimbostratus
Nimbostratus

Thanks for your help!

We found a knowledgebase article within oracle regarding weblogic tomcat:

https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=374373149006457&id=2139594.1&_adf.ct...

 

and removed the referer header with this iRule:

 

when HTTP_REQUEST { if { [HTTP::path] ends_with "/j_security_check" } { HTTP::header remove "Referer" } }

View solution in original post

2 REPLIES 2

Hello @DanielK,

 

It's difficult to troubleshoot this only using the description above, but I will try to give some tips that could be helpful in order to get a solution.

1. Does the backend server require to use a persistence profile in the F5 to track the cookie?
2. Use OneConnect, sometimes it helps to fix some rare conditions.
3. Take a PCAP a try to figure out what the difference is between accessing through the VS and directly.

 

Regards,
Dario.

DanielK
Nimbostratus
Nimbostratus

Thanks for your help!

We found a knowledgebase article within oracle regarding weblogic tomcat:

https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=374373149006457&id=2139594.1&_adf.ct...

 

and removed the referer header with this iRule:

 

when HTTP_REQUEST { if { [HTTP::path] ends_with "/j_security_check" } { HTTP::header remove "Referer" } }