karthik_sriniva
Apr 12, 2005 Nimbostratus
Multiple Auth
Hi,
Can someone post an example on how to do multiple authentication?
For example, first one could be radius auth and the next one could be ldap authentication.
Thanks!!!
rule twoauth {
    when CLIENT_ACCEPTED {
        # Per-connection state: one flag per authentication backend
        set ldap_authed 0
        set radius_authed 0
    }
    when HTTP_REQUEST {
        # Reset the flags for every request so that a result from an earlier
        # request on the same keep-alive connection cannot satisfy this one
        set ldap_authed 0
        set radius_authed 0
        set username [HTTP::username]
        set password [HTTP::password]
        # Start one auth session per backend and submit the same credentials to both
        set asid_ldap [AUTH::start pam default_ldap]
        set asid_radius [AUTH::start pam default_radius]
        AUTH::username_credential $asid_ldap $username
        AUTH::password_credential $asid_ldap $password
        AUTH::authenticate $asid_ldap
        AUTH::username_credential $asid_radius $username
        AUTH::password_credential $asid_radius $password
        AUTH::authenticate $asid_radius
        # Hold the request until the auth results arrive
        HTTP::collect
    }
    when AUTH_SUCCESS {
        # Record which backend reported success
        if {$asid_ldap eq [AUTH::last_event_session_id]} {
            set ldap_authed 1
        }
        if {$asid_radius eq [AUTH::last_event_session_id]} {
            set radius_authed 1
        }
        # Release the held request only when both backends have succeeded
        if {$radius_authed == 1 && $ldap_authed == 1} {
            HTTP::release
        }
    }
    when AUTH_FAILURE {
        # A failure from either backend rejects the request
        if {$asid_ldap eq [AUTH::last_event_session_id] ||
            $asid_radius eq [AUTH::last_event_session_id]} {
            HTTP::respond 401
        }
    }
    when AUTH_WANTCREDENTIAL {
        if {$asid_ldap eq [AUTH::last_event_session_id] ||
            $asid_radius eq [AUTH::last_event_session_id]} {
            HTTP::respond 401
        }
    }
    when AUTH_ERROR {
        if {$asid_ldap eq [AUTH::last_event_session_id] ||
            $asid_radius eq [AUTH::last_event_session_id]} {
            HTTP::respond 401
        }
    }
}
Let us know if you have questions.
when CLIENT_ACCEPTED {
    set ldap_authed 0
}
when HTTP_REQUEST {
    set username [HTTP::username]
    set password [HTTP::password]
    set asid_ldap [AUTH::start pam default_ldap]
    AUTH::username_credential $asid_ldap $username
    AUTH::password_credential $asid_ldap $password
    AUTH::authenticate $asid_ldap
    HTTP::collect
}
when AUTH_SUCCESS {
    if {$asid_ldap eq [AUTH::last_event_session_id]} {
        set ldap_authed 1
    }
    if {$ldap_authed == 1} {
        HTTP::release
    }
}
when AUTH_FAILURE {
    if {$asid_ldap eq [AUTH::last_event_session_id]} {
        HTTP::respond 401
    }
}
when AUTH_WANTCREDENTIAL {
    if {$asid_ldap eq [AUTH::last_event_session_id]} {
        HTTP::respond 401
    }
}
when AUTH_ERROR {
    if {$asid_ldap eq [AUTH::last_event_session_id]} {
        HTTP::respond 401
    }
}
Thank you for your help,
Rob
Thank you,
Rob
Subject: Authenticate customer using SSL client certificate or LDAP
http://devcentral.f5.com/Default.aspx?tabid=28&forumid=5&postid=6260&view=topic
I also need to include OCSP at some point, so I was looking for ways to simplify the LDAP Auth section.
Beyond that, I let it go instead of stopping the browser and have seen it take up to 5 minutes or longer to authenticate. I am trying to find out what is going on; however, there is nothing that shows up in the syslog. In addition, I can perform a b load and do not see any issues, unlike the time I used the regsub command. Do you know of a way to find out what might be going on?
Thank you for your help,
Rob
Thank you,
Rob
when CLIENT_ACCEPTED {
    set ldap_authed 0
}
when HTTP_REQUEST {
    set username [HTTP::username]
    set password [HTTP::password]
    set asid_ldap [AUTH::start pam default_ldap]
    AUTH::username_credential $asid_ldap $username
    AUTH::password_credential $asid_ldap $password
    AUTH::authenticate $asid_ldap
    HTTP::collect
}
when AUTH_SUCCESS {
    if {$asid_ldap eq [AUTH::last_event_session_id]} {
        set ldap_authed 1
    }
    if {$ldap_authed == 1} {
        log local0. "entering auth success"
        HTTP::release
    }
}
when AUTH_FAILURE {
    if {$asid_ldap eq [AUTH::last_event_session_id]} {
        log local0. "entering auth failure"
        HTTP::respond 302 Location "http://x.x.x.x"
    }
}
when AUTH_WANTCREDENTIAL {
    if {$asid_ldap eq [AUTH::last_event_session_id]} {
        log local0. "entering auth want credential"
        HTTP::respond 401
    }
}
when AUTH_ERROR {
    if {$asid_ldap eq [AUTH::last_event_session_id]} {
        log local0. "entering auth error"
        HTTP::respond 401
    }
}