login
8 Topicsapm session variable from part of uri...
Hey all, I have a problem I need to solve. We have an application that uses a mobile app, the app does authentication with apm(local sp/external idp) through one browser and then accesses the the backend server in another session.. and the apm is not aware of that second one so it gerenrates a new login which fails and the app cannot login. The app passes a identification value the the urls which the app uses.. I want to do the same. Does anyone know or have any tips on how i can catch part of the uri (sort of like this https://test.com/sessionid=1234-5678-9101) that contains the sessionid and apply it to a session variable? /Kim106Views0likes3Comments16.0.1 LTM OVA Login
Hi folks, Apologies for the simple question. I've downloaded the BIG-IP LTM 16.0.1-0.0.3 ova and installed it on ESXi 7. It's there no problems, I can log into the cli with root/default, give it a management address that I can browse to, but I can't log into the gui with admin/admin. I've tried resetting the admin password with tmsh modify auth user admin prompt-for-password and save sys config but I still can't log in and get auth failed in the secure log. What am I missing?!? Best, LeighSolved490Views1like1CommentCustomized login page incorrectly replacing F5 variables
I have a customized footer that includes a few JavaScript variables to be used by some custom JS on the front-end, but when the footer.inc is inserted into the page, the code is pretty mangled. I've searched for anyone else mentioning this issue without any success. Here is the footer file: Here is what shows up on the page: Any ideas on what is causing this? Is it my code, or is this something that F5 needs to investigate?339Views0likes3CommentsAAA for Big-IQ CLI/TMSH Login
Hi, I have tried to use AAA server for authentication and authorization Big-IQ web GUI login. I configured on Big-IQ web GUI and find out that it doesn't work to authenticate user who log in into TMSH/CLI. Is there separate configuration to authenticate user through AAA server for CLI/tmsh? Thank you825Views0likes1CommentAPM Login form and iFrames
I have an application that users log into outside of F5. Then within that application when users try to pull up documents there is a Javascript that runs and populates data from another app within an iFrame. Currently, if the user has an active APM session the content populates in the iFrame just fine. However, if the user doesn't have an active session, I get an error message that says the content cannot be displayed in a frame. If I click the link on the error page, which launch a java makenewwindow() script, I get the F5 login page. How can I deal with that so the user doesn't see an error? Is it possible to render a custom login prompt within the iFrame? Is there a way to automatically launch the F5 login page in a new tab and the redirect back to the page with the iFrame? This application current works through another authentication vendor by prompting with a pop-up box. Can APM just launch a pop-up box for the login information instead of going to the my.policy login page?470Views0likes2Commentscustomize logon page
Hi all - This post from 2014 is what I'm looking for an update for in v 11.5. Is there a way to customize the logon page? It's the same use case as the linked article. We have a general logon page and a subsequent challenge response page. Are there options to customize both logon pages? Think of something along the lines of replacing the out-of-the-boxo F5 pages with something like Google's initial and 2FA logon pages. We do not have a CMS to host the webpage on and are looking to host it locally on the F5. Not sure if this is technically possible but wanted to reach out to see if the F5 community could help. Thanks in advance!355Views0likes5CommentsLock Down Your Login
Last week we talked about WebSafe and how it can help protect against phishing attacks with a little piece of code. This is important since malware can steal credentials from every visited web application from an infected machine. This time we’re going to look at how to protect against credential grabbing on a BIG-IP APM login page with WebSafe encryption layer. You’ll need two modules for this, BIG-IP APM and of course, WebSafe Fraud Protection Service. The goal is to protect the laptop from any malware that grabs sensitive login credentials. In this case, the malware would be configured to grab the login page along with the username and password parameter fields. Command and control could also be set to retrieve any credentials from the infected machine at certain intervals, like every 5 minutes. The first goal would be to encrypt the password. Within your BIG-IP admin GUI, you would navigate to Security>Fraud Protection Service> Anti-Fraud Profiles>URL List. APM’s logon page usually ends with ‘/my.policy’. Create then click that URL to open the configuration page and enable Application Layer Encryption. And select the Parameters tab to configure the fields you want to protect. In this case it is password and username. In the screen grab, you can see ‘Obfuscate’ is selected and to both ‘Encrypt’ and ‘Substitute Value’ for the password field. Now when the user goes to the page, a bit a JavaScript is injected in the page to protect the specified fields. If you run a httpwatch or wire shark on the page, you’ll see that the values for those parameters are obfuscated. This makes it incredibly difficult for the bad actor to determine the correct value. And if the malware also grabs the password, since we set that to encrypt, all they get is useless information. At this point, the BIG-IP will decrypt the password and pass on the traffic to appropriate domain controller for verification. This is a great way to protect your login credentials with BIG-IP. If you’d like to see a demonstration of this, check out F5’s Security Specialist Matthieu Dierick’s demo video. Pretty cool. ps442Views0likes0CommentsSSH window closes immediately after login
I cannot open a SSH session to the mgmt IP address of my BIG-IP. As soon as I enter the password in the CLI, the session closes. Has anyone else had this issue before? I'm having a hard time finding the SSH options within the F5 GUI in order to see what I have configured there.Solved2.7KViews0likes2Comments