Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

HTTP Authentication

I'm looking at the requirements and testing out different SMS functionality for One Time Passwords. I am still unable to determine exactly how to place in CURL requests that vendors provide as examples while utilizing HTTP authentication.

Vendor Example:

curl -X POST http://api.twilio.com/2010-04-01/Accounts/ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX/Messages.json \
--data-urlencode "From=+15017122661" \
--data-urlencode "Body=Body" \
--data-urlencode "To=+15017122661" \
-u ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:your_auth_token

The F5 Code I am attempting to use for HTTP Authentication

Form Parameter For User Name ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Form Parameter For Password your_auth_token

Form Action api.twilio.com/2010-04-01/Accounts/ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX/Messages.json

Hidden Form Parameters/Values
from +15017122661
body body
to +15017122661

I have attempted multiple iterations, the -u is a requirement as it passes username/token, but I can't find any other way to pass those values in the form field. How would the hidden form Parameters/Values field take a -u value for formatting purposes?

 Form Action api.twilio.com/2010-04-01/Accounts/ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX/Messages.json
 Hidden Form Parameters/Values
  from +15017122661
  body body
  to +15017122661
  -u ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:your_auth_token
0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Comments on this Answer
Comment made 1 month ago by DenverRB 65

Yes, this involves iRulesLX which is not installed, irules, and a call on node.js. I would like to keep this relatively simple. As most vendors that utilize SMS provide examples via Curl, it would be nice to have formatting using the HTTP Authentication method outlined or discussed in detail.

0
Comment made 1 month ago by NicolasDE 334

By HTTP Authentification, do you mean the HTTP Form Based SSO functionnality of the APM module?

0
Comment made 1 month ago by DenverRB 65

Yes, Menu Item is under Access >> Authentication >> HTTP >>

0
Comment made 1 month ago by DenverRB 65

Here is the thing that is currently baffling me.

I setup a virtual server Layered Approach to forward the HTTP form to an VIP based on HTTPS which directs the data to the vendors site via a pool. This is recommended via F5 KB articles.

I can confirm this works with a Curl POST by command line and statically configured variables. I can send myself SMS messages all day via command line with the VIP that I setup.

I can confirm the HTTP Forms Authentication is working because the "OTP Delivery by HTTP" process which utilizes the HTTP AUTH Profile passes me onto the "Logon Page OTP" site, it's the next stage if successful in the APM Policy.

The HTTP Authentication is functioning, this is confirmed. However it's not passing on my statically configured variables via the Hidden Forms Values and Parameters field so that I can inject phone numbers and body messages.

So my config looks something like this on the HTTP Forms -

Form Parameter For User Name ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Form Parameter For Password your_auth_token

Form Action myvip/2010-04-01/Accounts/ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX/Messages.json

Hidden Form Parameters/Values
from +15017122661
body testsendingmeotp
to +15017122661
0
Comment made 1 month ago by NicolasDE 334

Ok thanks for the detailled info. You configuration seems correct, the hidden parameters should be normaly sent with the post request.

I advise you to perform a tcpdump to capture the transaction between F5 and twillox, then compare it between a manual curl command and the one generated by APM. That will give you more details on the issue.

0
Comment made 1 month ago by DenverRB 65

After setting up packet captures and attempting to see how the HTTP Authentication forms were sending out the POST, the HTTP Forms Authentication Username and Password were not being sent out the way the vendor Twilio would accept them. The vendor documentation also did not include this method of sending out a URL request. I got this information direct from Twilio.

I had to change the form Action to include the username/password in the header.

Before - myvip/2010-04-01/Accounts/ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX/Messages.json

After - username:password@myvip/2010-04-01/Accounts/ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX/Messages.json

It now works!

Thanks for the assistance.

0