AUTH::resposne_data

Question

I have an SSL Cert and am using CRLDP on an LDAP server to accept/reject the cert based on revocation.  However, I cannot grab the AUTH::response_data.  Below is the irule:&nbsp;
&nbsp;when CLIENT_ACCEPTED { 
&nbsp;   set tmm_auth_ssl_crldp_sid 0
&nbsp;   set tmm_auth_ssl_crldp_done 0 
&nbsp;} &nbsp;
&nbsp;when CLIENTSSL_CLIENTCERT { 
&nbsp;   set tmm_auth_ssl_crldp_done 0 
&nbsp;   if {$tmm_auth_ssl_crldp_sid == 0} { 
&nbsp;       set tmm_auth_ssl_crldp_sid [AUTH::start pam default_ssl_crldp] 
&nbsp;       if {[info exists tmm_auth_subscription]} {
&nbsp;           AUTH::subscribe $tmm_auth_ssl_crldp_sid
&nbsp;          log local0. "Subscribing $tmm_auth_subscription" 
&nbsp;      } 
&nbsp;} 
&nbsp;  AUTH::cert_credential $tmm_auth_ssl_crldp_sid [SSL::cert 0]  AUTH::cert_issuer_credential $tmm_auth_ssl_crldp_sid [SSL::cert issuer 0] AUTH::authenticate $tmm_auth_ssl_crldp_sid 
&nbsp;      set tmm_auth_subscription    [AUTH::subscribe $tmm_auth_ssl_crldp_sid] 
&nbsp;      log local0. "$Authenticating cert with crldp ID: $tmm_auth_ssl_crldp_sid" 
&nbsp;      log local0. "$tmm_auth_subscription" 
&nbsp;      SSL::handshake hold 
&nbsp;} &nbsp;
&nbsp;when CLIENTSSL_HANDSHAKE { 
&nbsp;   set tmm_auth_ssl_crldp_done 1 
&nbsp;} &nbsp;
&nbsp;when AUTH_RESULT { 
&nbsp;   if {[info exists tmm_auth_ssl_crldp_sid] and \ 
&nbsp;      ($tmm_auth_ssl_crldp_sid == [AUTH::last_event_session_id])} { 
&nbsp;            log local0. "$tmm_auth_ssl_crldp_sid" 
&nbsp;            array set auth_response_data [AUTH::response_data] 
&nbsp;             log local0. "Array auth_data has [array size auth_response_data] elements." &nbsp;
&nbsp;            foreach value [array names auth_response_data] { 
&nbsp;                   log local0. "$value" 
&nbsp;           } 
&nbsp;      set tmm_auth_status [AUTH::status] 
&nbsp;     if {$tmm_auth_status == 0} { 
&nbsp;           log local0. "Authorization success!" 
&nbsp;           set tmm_auth_ssl_crldp_done 1 
&nbsp;           SSL::handshake resume 
&nbsp;    } elseif {
&nbsp;          $tmm_auth_status != -1 || $tmm_auth_ssl_crldp_done == 0} {
&nbsp;           log local0. "Authorization failure." reject 
&nbsp;    }
&nbsp; } 
&nbsp;}&nbsp;
&nbsp;Thnaks,&nbsp;
&nbsp;Mitch

hooleylist · Answer

Hi Mitch, 
&nbsp;  
&nbsp; What do you see in the logs for the AUTH::response_data logging?   
&nbsp;  
&nbsp; Which LTM version are you testing on?   
&nbsp;  
&nbsp; Is auth against the CRLDP service working? 
&nbsp;  
&nbsp; Aaron

mraful_64014 · Answer

Thanks for the response hoolio. Nothing gets returned from AUTH::response.  However, I can get an AUT::status returned.  I am testing against BIG-IP 10.1.0 Build 3341.0 Final.  I saw some other posts that cliamed AUTH::response_data has been broke since 10.0.  I don't know if that is true.

hooleylist · Answer

I don't think AUTH::response_data is expected to return anything if the authentication attempt fails.  Are you seeing it return nothing when auth succeeds? 
&nbsp;  
&nbsp; Aaron

mraful_64014 · Answer

Yes.  AUTH::success returns 0 when it is successful and returns 1 when unsuccessful.

mraful_64014 · Answer

BTW, does anyone know wht the Cache Timeout entry in the Authentication configuration object is for?  It's not in the manual or help.

Forum Discussion

AUTH::resposne_data

8 Replies

Recent Discussions

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Stable Firmware for F5