Forum Discussion

Ryan_Chin_80280's avatar
Ryan_Chin_80280
Icon for Nimbostratus rankNimbostratus
Aug 19, 2005

<AUTH_ERROR> - Operation not supported

Hi Guys,

 

First of all thanks for helping me with the previous post, it seems to solve the problem.

 

 

I've another error, and I hope someone could point out what is wrong with it.

 

Its taken from one of the sample on codeshare, I modify it abit so that my user can do single sign on on a webserver, and does not have to sign on again when he visit other different webserver on the same domain.

 

This irule is used together with a LDAP profile.

 

 

=============================================================

 

when CLIENT_ACCEPTED {

 

set authinsck 0

 

set forceauth 1

 

set ckname BIGXAUTH

 

set ckpass 1xxx5678

 

set ckvalue [IP::client_addr]

 

set ckdomain abc.com

 

set tmm_auth_ldap_sid [AUTH::start pam default_ldap]

 

}

 

when HTTP_REQUEST {

 

if {[HTTP::cookie exists $ckname]} {

 

HTTP::cookie decrypt $ckname $ckpass 128

 

if {[HTTP::cookie value $ckname] eq $ckvalue} {

 

set forceauth 0

 

}

 

HTTP::cookie remove $ckname

 

}

 

else {

 

if {$forceauth eq 1} {

 

AUTH::username_credential $tmm_auth_ldap_sid [HTTP::username]

 

AUTH::password_credential $tmm_auth_ldap_sid [HTTP::password]

 

AUTH::authenticate $tmm_auth_ldap_sid

 

HTTP::collect

 

}

 

}

 

}

 

when HTTP_RESPONSE {

 

if {$authinsck eq 1} {

 

HTTP::cookie insert name $ckname value $ckvalue path / domain $ckdomain

 

HTTP::cookie encrypt $ckname $ckpass 128

 

}

 

}

 

when AUTH_SUCCESS {

 

if {$tmm_auth_ldap_sid eq [AUTH::last_event_session_id]} {

 

set authinsck 1

 

HTTP::release

 

}

 

}

 

when AUTH_FAILURE {

 

if {$tmm_auth_ldap_sid eq [AUTH::last_event_session_id]} {

 

HTTP::respond 401

 

}

 

}

 

when AUTH_WANTCREDENTIAL {

 

if {$tmm_auth_ldap_sid eq [AUTH::last_event_session_id]} {

 

HTTP::respond 401

 

}

 

}

 

when AUTH_ERROR {

 

if {$tmm_auth_ldap_sid eq [AUTH::last_event_session_id]} {

 

HTTP::respond 401

 

}

 

}

 

 

=============================================================

 

 

The rule is running functionally, however, the following error keep appearing in ltm log.

 

 

Aug 19 15:05:43 tmm tmm[707]: 01220001:3: TCL error: Rule ldap_single_sign_on - Operation not supported (line 2) invoked from within "HTTP::respond 401"

 

 

Would appreciate any help. Thanks!
application delivery
dev
devops
iRules

1 Reply

Sort By
  • flomkrl_29950's avatar
    flomkrl_29950
    Icon for Nimbostratus rankNimbostratus
    May 26, 2009
    I have got the same error, have you resolve this issue ?

     

     

    when AUTH_ERROR {

     

    if {$asid eq [AUTH::last_event_session_id]} {

     

    if { $langfr eq 1 } {

     

    set loginFormAuthError_htm_class [b64decode [lindex $::loginFormAuthError_htm_fr_class 0]]

     

    }

     

    else { set loginFormAuthError_htm_class [b64decode [lindex $::loginFormAuthError_htm_class 0]]

     

    }

     

    HTTP::respond 200 content $loginFormAuthError_htm_class "Content-Type" "text/html"

     

    log local0. "$clientip $auth_username"

     

    }

     

    }

     

     

    May 26 21:40:53 tmm tmm[1772]: 01220001:3: TCL error: IRULE-AUTH-FORM - Operation not supported (line 1) invoked from within "HTTP::respond 200 content $loginFormAuthError_htm_class "Content-Type" "text/html""

     

    May 26 21:41:25 tmm tmm[1772]: 01220001:3: TCL error: IRULE-AUTH-FORM - Operation not supported (line 7) invoked from within "HTTP::respond 200 content $loginFormAuthError_htm_class "Content-Type" "text/html""

     

     

    Thanks,