I have a mobile application that was not designed for OTP. Now as per the new initiative, we are including the OTP feature.
Mobile User -> F5 -> Middleware (application server integration with mobile webservice) ->Application server.
We have SSL traffic from the mobile device till the middleware, with SSL passing the traffic with client and server SSL profiles.
When user starts the mobile app, he will be prompted for the username and password from the application server (the login page is sent from the middleware). After successful authentication, the middleware sends a page for OTP (Application server is not aware of this. When the user enters the OTP, APM is only enabled now. I capture the username and OTP via irules, and authenticate them with my OTP server that is integrated with APM. Till now everything goes well.
But as the data transfer is complete, APM does not send any data to the middleware which is waiting for the OTP data. I have duplicated the HTTP request with the OTP data in json payload and send it to the server via sideband connection.
As the sideband requires an HTTP VS, I have configured an HTTP VS for this purpose with server SSL profile enabled as well. As I was not able to make any successful connectivity (SSL negotiation fails... I have copied the same cipher values as that of the server to the SSL server profile) using the sideband configuration, I installed the HTTP-Super-SIDEBAND irule as per the below link.
When I use the vs-HSSR-helper, I get a server connectivity failure error from LB_FAILED event of the HSSR-helper irule. When I use my actual HTTP VS (which was configured for the sideband connectivity), I see the connection getting established, and the json payload also gets transferred. Now the issue is that the client IP shows 127.1.1.1, and hence the middleware is not able to process the request correctly. Unfortunately I will be able to insert the client IP only with the HSSR-helper VS. But HSSR-helper VS fails to connect to my HTTP or HTTPS middleware VS.
I am struck now. Request your help.
13-Oct-2018 09:24 - last edited on 19-Dec-2022 15:53 by JimmyPackets
You might also consider to use iRulesLX instead of Sideband. For an example see:
Seems a wonderful option. But mine is a POST request, where I already have captured the JSON payload via irule. I have to push the payload to the middleware using any connectivity (sideband connection in my case) from the ACCESS_POLICY_AGENT_EVENT event.
That is also possible, but then you would have to modify the nodejs code. You can find a post example here:
Thank you very much for the assistance. I was able to fix it with the "HTTP::header insert "clientless-mode" 1" option.