Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

APM - OTP - HTTP AUTH - Hidden Forms Parameters

APM - OTP - HTTP AUTH - Hidden Forms Parameters

Working on Version 11.3 Latest Release and utilizing APM with an Access Policy, trying to get OTP to work with SMS.

How does one translate the required parameters presented in an example by the vendor into the variables needed to be pulled back to get OTP to work.

I can get the CURL feature to function from the BigIP Command Line, however I am unable to get the HTTP Auth Configuration to work.

I think my expertise falls under how to translate the vendor required attributes into the Hidden Forms Values. This is what I have and I get no response via the HTTP Auth I have setup. I have been unable to find a KB on something like this on Dev Central and feel this may help out any other person new to HTTP AUTH.

This is an example CURL - using the SMS OTP Verification using textbelt.com

$ curl -X POST https://textbelt.com/otp/generate \
       --data-urlencode phone='5557727420' \
       --data-urlencode userid='myuser@site.com' \
       -d key=example_otp_key

I can get this curl to work via command line when substituting my cell phone #.

When I substitute my Phone Number to attempt a manual POST in the Hidden Form Value I get no results back.

In the Configuration for HTTP Auth -

  Form Based > Selected 
  Start URI > Empty
  Form Methd > POST
  Form Action > http://textbelt.com/otp/generate
  Form parameter for User Name > Empty
  Form Parameter for Password > Empty
  Hidden form Parameters/Values >

    phone='5557727420'
    userid='myuser@site.com'
    message= 'Launch Code: $OTP!=%{session.otp.assigned.val}'
    lifetime=%{session.otp.assigned.ttl}
    key=example_otp_key
0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

You must create a virtual server

  • destination : X.X.X.X:80
  • client ssl profile : None
  • server ssl profile : serverssl
  • pool : 1 member : textbelt.com port 443

then in HTTP server:

Form Based > Selected
Start URI > Empty
Form Methd > POST
Form Action > http://X.X.X.X/otp/generate
Form parameter for User Name > Empty
Form Parameter for Password > Empty
Hidden form Parameters/Values >

    phone 5557727420
    userid myuser@site.com
    message Launch\ Code:\ $OTP!=%{session.otp.assigned.val}
    lifetime %{session.otp.assigned.ttl}
    key example_otp_key
0
Comments on this Answer
Comment made 3 months ago by DenverRB 65

I think I added some confusion. This is an HTTP AUTH piece setup for a Cloud OTP/SMS Provider. The Curl works outbound to the cloud provider, It's the HTTP AUTH piece that fails to the Cloud Provider.

0
Comment made 3 months ago by Stanislas Piron 9545

if the SMS provider only support HTTPS and not HTTP, you have to create a HTTP to HTTPS virtual server as HTTP auth doesn't support HTTPS.

0
Comment made 3 months ago by DenverRB 65

Yes you are correct,

I can attempt an HTTP or HTTPS curl and it works correctly,

> $ curl -X POST https://textbelt.com/otp/generate \
>        --data-urlencode phone='5557727420' \
>        --data-urlencode userid='myuser@site.com' \
>        -d key=example_otp_key

>        $ curl -X POST https://textbelt.com/otp/generate \
>        --data-urlencode phone='5557727420' \
>        --data-urlencode userid='myuser@site.com' \
       -d key=example_otp_key

     +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

     HTTP AUTH 

  Form Based > Selected 
  Start URI > Empty
  Form Methd > POST
  Form Action > http://textbelt.com/otp/generate
  Form parameter for User Name > Empty
  Form Parameter for Password > Empty
  Hidden form Parameters/Values >

    phone='5557727420'
    userid='myuser@site.com'
    message= 'Launch Code: $OTP!=%{session.otp.assigned.val}'
    lifetime=%{session.otp.assigned.ttl}
    key=example_otp_key

I still am unable to determine how the Hidden Form Parameters/Values passes the variables via a POST action in creating a URL that pushes to the vendor. The question remains how does one construct the Hidden Form Parameters/Values into a similar Curl command so that the variables can be passed to the "Form Action"

0
Comment made 3 months ago by Stanislas Piron 9545

can you change Hidden form Parameters/Values as I provided before!

0
Comment made 3 months ago by DenverRB 65

I missed your revised Hidden Parameters/Values -

That Worked!

0