Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Clear all filters
Answers

form based authentication

Hi Everyone ,

i did search and found that we can using LTM to insert the irule so each user when access the Virtual server , he or she will prompt a login window before access to the pool member resources. But due to customer is require "html form based authentication" and the below link workaround is not able meet the requirement. Do you have any sampled of form based authentication sample ? i need it as a reference in order for me to achieve customer requirement.

https://devcentral.f5.com/wiki/APM.LocalUserAccounts.ashx

Appreciate for your kind response.

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Jack The APM module can be configured to present a logon page to the user, verify user access via a number of Authentication methods, and then pass the credentials to an application using forms-based authentication. This ensures that the application will not also prompt the user for credentials.

No iRules necessary if using the APM module.

See the APM datasheet here: http://www.f5.com/pdf/products/big-ip-access-policy-manager-ds.pdf

HTH

0
Comments on this Answer
Comment made 12-Aug-2014 by jack 145
Hi John ALAM It is without the APM module licensed , actually we need to come out and irule base on LTM modules. Thus , we come out the authentication irule as below , i dont have idea how to make it be html form based authentication, do you have any idea or sample for let it be html form base autentication instead of just a simple pop up login window base on below irule. when RULE_INIT { set static::auth_debug 1 } when HTTP_REQUEST { #Grab username and password from authorization header and compare if { [HTTP::username] eq "" or [HTTP::password] eq "" } { if { $static::auth_debug } { log local0. "No username and password in Authorization header or Auth header missing." } } else { #Grab the authorization header and convert to username and password if { $static::auth_debug } { log local0. "Username = [HTTP::username] password = [HTTP::password]" } #Next look in the datagroup called LocalUsers for the user. The value is a hex MD5password.#Compare the value in the datagroup to the value of HTTP::password to determine if this is valid. set password [class lookup "[HTTP::username]" LocalUsers] if { $password eq "" } { if { $static::auth_debug ==1 } { log local0. "Auth failed for user [HTTP::username] \ and the value in the datagroup was [class lookup [HTTP::username] LocalUsers] "} } else { #how have action with when user key in www/test/com/user redirect it to https://www.test.com/user/resources.html before it forward to test_pool ? binary scan [ md5 [HTTP::password]] H* hexhash if { $static::auth_debug } { log local0. "password MD5 = $hexhash" } if { $password eq $hexhash } { pool test_pool if { $static::auth_debug } { log local0. "Auth succeeded for user [HTTP::username] and the value in the datagroup was [class lookup [HTTP::username] LocalUsers] "} #Exit this event for this iRule to prevent sending a 401 below return } } } #If we are still in the iRule the auth attempt failed HTTP::respond 401 content "Error:Authentication Failure" WWW-Authenticate "Basic realm=\"local.loc\"" }
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

I have one around somewhere... I used to use it before we got APM. I THINK it's in the codeshare somewhere (I got it originally form there, and then pushed my updates back).

Let me see if I can still find it...

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Right.

So the original HTML forms based auth iRule I based mine on is at => CLientAuthiRule

Then there's an unrelated one I just found... => RevProxyWithSSO

I'll see if I can dig up the one I modified as well. IIRC the original had couple of bits I needed to update (Oh... And the solution USED to require an ACA license... Not sure that's still available in v11... YMMV)

H

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

We have setup a web server with SSO kerberos built in and it works for windows user, however, MAC book user is getting HTTP 401 and SSO doesn't work. We would like to create iRules to change the HTTP header so MAC users receive login prompt and enter username/passsword manually. Any clue would be highly appreciate.

0