HTTP auth - Calling external API with parameters

ktm_2000
Altostratus

Folks, I am relatively new to F5 and am trying to do a custom auth by passing parameters to an API and getting a response.

The API is expecting me to call url\param1\param2\param3

Upon success it currently returns true

I've tested HTTP auth by setting up an AAA server and tried basic auth and I can build a statement with the required parameters and get it sent to the API and the API is successfully evaluating the conditions as expected. If the API replies with true on success or with false for failure, the F5 is considering either condition a success.

My issue is that in forms or custom post, you can define what the success criteria is and in basic that option is not available. I can have the developer code whatever is needed for a successful response but am struggling to find out what the F5 is looking for to determine a successful response.

 

I have found the following and it seems that it is looking for a "200" as success

 https://stackoverflow.com/questions/32671292/determine-whether-a-basic-authentication-login-was-succ...

 

Can anyone confirm that the F5 is indeed looking for a "200" response?

Thanks in advance!

1 ACCEPTED SOLUTION

When using Basic authentication a status code of 200 means that all is okay and no authentication is needed or that authentication already was successful. The server should respond with a status code of 401, until the client has been successfully authenticated. The picture below shows how it should work.

1F2E2578-3C7F-4B0C-8D47-81E6DF493726.png

 


2 REPLIES

ktm_2000
Altostratus

Thank you. We had it coded to reply HTTP 200 for both and had text to differentiate between valid or not. I had the developer throw HTTP 401 - Unauthorized for false and redeployed.

All is working well. Thank you for your insight!
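
The backend change described in this thread, as an added example that is not part of any post and not the poster's actual API: the same credential check answered the original way (200 for both outcomes, verdict in the body) and the corrected way (401 with a challenge until the credentials are valid). The account in `USERS`, the realm name and all function names are constructed for illustration.

```python
import base64
import hmac

USERS = {"alice": "correct horse"}  # constructed sample account, not real data
REALM = "example-api"               # hypothetical realm name

def basic_header(user, password):
    """Build the Authorization header value a Basic-auth client would send."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def parse_basic(header):
    """Return (user, password) from an Authorization header, or None if unusable."""
    if not header:
        return None
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers bad base64 and bad UTF-8
        return None
    # Split on the first colon only: passwords may contain colons.
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None

def credentials_ok(header):
    creds = parse_basic(header)
    if creds is None:
        return False
    user, password = creds
    expected = USERS.get(user)
    # Constant-time comparison of the supplied and stored password.
    same = hmac.compare_digest((expected or "").encode(), password.encode())
    return same and expected is not None

def legacy_response(header):
    """Original behaviour: status 200 either way, verdict only in the body."""
    return 200, {}, "true" if credentials_ok(header) else "false"

def fixed_response(header):
    """Corrected behaviour: 401 plus a challenge until credentials check out."""
    if credentials_ok(header):
        return 200, {}, "true"
    return 401, {"WWW-Authenticate": f'Basic realm="{REALM}"'}, "false"

def status_only_verdict(response):
    """How a caller that judges Basic auth by status code alone reads a reply."""
    return response[0] == 200
```

With `legacy_response`, a wrong password still yields a success verdict for a status-only caller; with `fixed_response`, missing, malformed and wrong credentials all yield 401.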