Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

authenticate to Oracle DB table?

I have been asked to identify a way to filter requests to a backend server by verifying part of the requested url against values stored in an Oracle table. My thought is to use a custom authentication profile, but have no idea where to begin with getting the BIGIP to talk to Oracle. Does LTM/tcl have any ODBC capabilities built in?
0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
LTM doesn't contain the LTM libraries to make it possible for the irule to connect to a database.
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
I think we found a workaround, but have not had time to test it yet.

BIGIP will use cookies to manage the client session, storing the username and a timeout value.

When a request comes in with a valid session (not timed out), the request is passed through to the server. If the request has an invalid session (timed out cookie), the LTM will extract the magic string from the request (another system generates the request from data in the DB) and pass it to a new java app to verify, instead of requesting the original page.

The new java app will take the passed string and query the DB, then place the Authenticated/Not Authenticated response in the reply.

The LTM will examine the reply content and look for the Auth/No Auth codes, then either redirect to an error page or set the username/timeout cookies and redirect the user to the original page they requested.

Any thoughts?
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
How did this work out? I'm attempting to tackle a similar problem, with a similar approach.
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
This has worked well, implemented just as I described above.

We have also implemented this for complex calls to Active Directory, where multiple domains were involved in the authentication process and Authentication Profiles were not flexible enough.

LTM can be made to "talk" to anything by building these HTTP to "whatever" middlewares.
0