google 2fa irule error
I'm struggling with this error when doing "load sys config verify [use curly braces to avoid double substitution] full error message /Common/Google_Token:131: warning: [use curly braces to avoid double substitution][(0x{[string range ${token} ${offset} [expr {${offset} + 7}]]}] The irule line in original code was set ga_code [expr (0x[string range $token $offset [expr $offset + 7]] & 0x7FFFFFFF) % 1000000] And I changed it to set ga_code [expr (0x[string range ${token} ${offset} [expr {${offset} + 7}]] & 0x7FFFFFFF) % 1000000] I'm able to connect to APM and passing the token , it is working fine there, but this cannot get rid of this error message Any one can help with the correct syntax ? article https://support.f5.com/csp/article/K57410758 seems not to be very helpful
iControl Authentication Token time-out for health monitor API Call
Hi Guys, I want to collect health status about F5 virtual servers through an API Proxy or 3rd party tools using the HTTP request below. it works but only temporarily since the X-F5-Auth-Token expires after a short time. is there a way this token can stay forever? this method isn't at all practical with a temporary token and we shouldn't have the user/pass on 3rd party tools. but if we have to do it another way, can we replace x-f5-auth-token with a low-priv read-only username and password pair? how would the http request look like? thanks in advance GET https://172.16.45.75/mgmt/tm/ltm/virtual/Splunk-VS/stats HTTP/1.1 X-F5-Auth-Token: JJ3LFIRJALD44GH3SX6QK4TDVE Host: 172.16.45.75 Connection: close
API Token Length
We've got four Big-IP pairs, two running 11.6.1 and two running 12.1.3.2. When we connect to the API we get a token in the response but the they're different lengths. The 11.6.1 Big-IPs return a 128 character token while the 12.1.3.2 boxes return a 26 character token. Searching hasn't helped. Does anyone know why the token is shorter or if there's a setting somewhere that I can tweak to make my security folks happy? ThanksProblem with kerberos ticket lifetime, ticket is not remove when user logoff
hi, we want to force expiration/deletion of kerberos user ticket. Im stick with the 10 minutes minimum value for ticketlifetime in Access Policy / SSO / Kerberos / my_kerberos_configuration. Default is 600 minutes and the minimum we can set is 10 minutes. Our customer using the portal pay for service, since transaction is approve, we add the user in a active directory security group in order he can access the new service. We ask customer to logoff and login again to get access. The problem, is that the kerberos user ticket doesn't have the new group, until the ticketlifetime is reach, default, 600 minutes, now 10 minutes. Im looking for a way to force the removal of the user kerberos ticket in the F5 cache (or any solution that work without delay). We have try /desk/hangup.php3 but only user session is remove, not kerberos ticket. Config : VE LTM+APM 11.5.2 Any idea ? thank in advance and sorry for my bad english !
APM with Azure AD giving token ID to app authentication
Hello folks: Please, hope you could help me with this question. Currently, I have some applications developed in Visual Studio which are also declared in Azure AD (AAD) in order to take advantage of some sort of Federation. Thus, every user who wants to access to the apps must go to www.office.com so they can authenticate against the AAD. In order to do this, every app Visual Studio code has the Azure app ID. The AAD gives token IDs to the users wanting to access the apps. I am planning to deploy the F5 APM solution so I can centralise all those apps in the webtop due to I need to un-publish those apps from the Internet and offer them as a Portal Access with SSO. The F5 APM could become another app in the AAD, but the AAD must give token IDs to the APM portal. The token IDs given to the APM must be used by the Portal Access as its SSO. The token IDs delivery must remain the same and the APM only needs to use the tokens to perform SSO. How could I achieve this? Is there any possibility to use oAuth Bearer SSO to achieve this goal? Any suggestion or advice is very appreciated. Thanks Omar.