Forum Discussion

Michael_65398's avatar
Michael_65398
Icon for Nimbostratus rankNimbostratus
Apr 02, 2013

APM What is the best way to post username and password to a backend server?

hope someone out there can help me:

 

 

currently i have a landing web page (e.g. www.company.com) that user should see after logging into APM. to see all the contents on this page, APM needs to do a POST to www.company.com/?username=blah&password=blahblah.

 

 

i tried the "Forms" SSO in APM (default settings in the SSO configuration and single domain) and it does not work.

 

 

any suggestings on what i am missing? or this functionality just does not work?

 

 

I also tried using iRule to pass the credentials to the backend server and found that the variable session.sso.token.last.password is encrypted and looks like:

 

 

$CK$1f7PgR2p$nfCif52JfvUO7AlsIFGBV14K+1au+i9A6qa+XsSuuCE=

 

 

how do i get the plain text password from APM variables?

 

 

thanks in advance!!

 

5 Replies

  • forgot to mention: i did a packet capture between APM and the backend server, the APM only does a GET and no POST (as configured in the SSO) on the backend. for some reason the SSO is not triggered at all

     

  • Sounds like Forms-based SSO is what you need. You can post a sanitized version of your POST that you are trying to get to work here and we can try to give you guidance on how to properly configure the SSO profile, or you can open a support case. Ideally, we'd need a httpwatch capture of the login traffic.
  • The forms-based SSO is going to be triggered by the start URI - if APM does not see the value you put in the start URI, then the SSO profile won't trigger.

     

  • i do have the resource items configured with path "/*" and forms SSO. would that be enough to trigger the SSO or i need to specify the "/" under SSO properties of the access policy?

     

     

    thanks

     

     

  • it looks like the Start URL is working. out of curiosity, is there anyway to retrieve the password in plain text in iRule so that i can construct some HTTP headers with it?

     

     

    thanks