Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

Radius and WebApp Authentication

We are trying to figure out how to do a RADIUS authentication through the F5, then pass credentials to our web app sitting behind the F5.

We only need to gather three pieces of information: username (which is the same for both the radius user account and the web app user account), the user’s web app password, and the hardware token one-time password.

We have this partly working – we created an Access Policy with a logon page that gathers the three credentials. The RADIUS authentication works fine. We edited the success outcome / ending to redirect to the (authentication portion) of our internal web app, with the username and app password embedded like the web app expects to receive it. The problem is the web app expects a POST request, and the redirect from the success outcome is a GET request.

Can anyone let us know the best way to do this, or can they point us to a few good examples of this kind of thing? We aren’t at all tied to the way we are doing it right now – we’re trying to figure out how to do it at all. Is there a mechanism for use inside the Visual Policy Editor that can generate a POST?

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Reposting as an image..

Image Text

1
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

You may try this iRule. Use 'Allow' instead of 'Redirect',

when ACCESS_POLICY_COMPLETED {
    set username  [ACCESS::session data get "session.logon.last.username"]
    set content "  \
         "

    ACCESS::respond 200 content $content
}
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

The answer to this question is to use the HTTP Forms SSO mechanism. http://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-sso-config-11-2-0/2.html

0