Forum Discussion

kris_52344
Mar 24, 2009

SSO authentication for web server with iRule

Here I use the Client Auth Using HTTP Cookie iRule

----------------------------------

when CLIENT_ACCEPTED {
  # Per-connection state: no cookie to insert yet, authentication required
  set authinsck 0
  set forceauth 1
  # Cookie name, encryption passphrase, value bound to the client address, and domain
  set ckname BIGXAUTH
  set ckpass 1xxx5678
  set ckvalue [IP::client_addr]
  set ckdomain .Acme.com
  # Start a PAM auth session against the default_ldap profile
  set asid [AUTH::start pam default_ldap]
}

when HTTP_REQUEST {
  if {[HTTP::cookie exists $ckname]} {
    # Decrypt the cookie and accept it only if it matches this client's address
    HTTP::cookie decrypt $ckname $ckpass 128
    if {[HTTP::cookie value $ckname] eq $ckvalue} {
      set forceauth 0
    }
    # Never forward the auth cookie to the server
    HTTP::cookie remove $ckname
  }
  if {$forceauth eq 1} {
    # Take credentials from the Basic auth header and hold the request until auth completes
    AUTH::username_credential $asid [HTTP::username]
    AUTH::password_credential $asid [HTTP::password]
    AUTH::authenticate $asid
    HTTP::collect
  }
}

when HTTP_RESPONSE {
  if {$authinsck eq 1} {
    # Issue the cookie after a successful auth: secure flag set, value encrypted
    HTTP::cookie insert name $ckname value $ckvalue path / domain $ckdomain
    HTTP::cookie secure $ckname enable
    HTTP::cookie encrypt $ckname $ckpass 128
  }
}

when AUTH_SUCCESS {
  if {$asid eq [AUTH::last_event_session_id]} {
    set authinsck 1
    HTTP::release
  }
}

when AUTH_FAILURE {
  if {$asid eq [AUTH::last_event_session_id]} {
    HTTP::respond 401 "WWW-Authenticate" "Basic realm=\"\""
  }
}

when AUTH_WANTCREDENTIAL {
  if {$asid eq [AUTH::last_event_session_id]} {
    HTTP::respond 401 "WWW-Authenticate" "Basic realm=\"\""
  }
}

when AUTH_ERROR {
  if {$asid eq [AUTH::last_event_session_id]} {
    HTTP::respond 401
  }
}

--------------------------------------------

 

This iRule is used for LDAP auth.

 

I created the Acme.com domain.

 

So what changes are required for the cookie name, password and domain for successful auth using the HTTP cookie?

2 Replies

  • Did you test the above rule? If so, what were the results?

    The above iRule gets the username and password from the basic auth header. If you want to parse the username and password from a different component, you could replace [HTTP::username] and [HTTP::password] with the commands you use to parse the user/pass.

    If I've missed your question, can you elaborate on what you're trying to accomplish, what you've tried and what's not working?

    Thanks,

    Aaron
  • I want to implement single sign-on for the LDAP authentication, so is that iRule working fine or not?

    And if yes, then what changes do I have to make in that iRule for the cookie name, password and domain?
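To make the flow of the posted iRule concrete, and to show what Aaron means by taking the username and password from the Basic auth header, here is an added Python model of the same decision logic. It is not F5 code and not from the thread: `handle_request`, `basic_auth_header`, `parse_cookies` and the `authenticate(user, password)` callback (a stand-in for AUTH::authenticate against the default_ldap profile) are my own names, an HMAC-SHA256 tag over the client address stands in for the iRule's AES-encrypted cookie value, the placeholder passphrase 1xxx5678 is the one from the post, and the HttpOnly flag is added here (the iRule sets only Secure).

```python
import base64
import hashlib
import hmac
from typing import Callable, Dict, Optional, Tuple

# Constructed stand-ins for the iRule's ckname / ckpass / ckdomain variables.
COOKIE_NAME = "BIGXAUTH"
COOKIE_SECRET = b"1xxx5678"   # placeholder passphrase from the post; a deployment uses its own
COOKIE_DOMAIN = ".Acme.com"
CHALLENGE = {"WWW-Authenticate": 'Basic realm=""'}


def basic_auth_header(user: str, password: str) -> str:
    """Build the header a browser sends after a Basic challenge (for the demo)."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def parse_basic_auth(headers: Dict[str, str]) -> Optional[Tuple[str, str]]:
    """Stand-in for [HTTP::username] / [HTTP::password]: decode the
    'Authorization: Basic <base64(user:pass)>' header, or None if absent/malformed."""
    scheme, _, payload = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic" or not payload:
        return None
    try:
        decoded = base64.b64decode(payload, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


def parse_cookies(header: str) -> Dict[str, str]:
    """Minimal Cookie header parser: 'a=1; b=2' -> {'a': '1', 'b': '2'}."""
    cookies: Dict[str, str] = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name:
            cookies[name] = value
    return cookies


def make_cookie(client_addr: str) -> str:
    """Token bound to the client address, as the iRule binds ckvalue to
    [IP::client_addr]. An HMAC-SHA256 tag stands in for the iRule's AES encryption."""
    tag = hmac.new(COOKIE_SECRET, client_addr.encode(), hashlib.sha256).hexdigest()
    return f"{client_addr}|{tag}"


def cookie_is_valid(token: str, client_addr: str) -> bool:
    """Recompute the tag and compare in constant time. A token replayed from a
    different source address, or with a modified tag, does not validate."""
    addr, sep, tag = token.rpartition("|")
    if not sep or addr != client_addr:
        return False
    expected = hmac.new(COOKIE_SECRET, addr.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(tag.encode(), expected.encode())


def handle_request(headers: Dict[str, str], client_addr: str,
                   authenticate: Callable[[str, str], bool]) -> dict:
    """Decide what the proxy does with one request, following the iRule's flow.
    `authenticate(user, password)` is a hypothetical callback standing in for
    AUTH::authenticate against the default_ldap PAM profile."""
    cookies = parse_cookies(headers.get("Cookie", ""))
    # Like 'HTTP::cookie remove $ckname': the auth cookie never reaches the server.
    upstream = {k: v for k, v in headers.items() if k != "Cookie"}
    others = {k: v for k, v in cookies.items() if k != COOKIE_NAME}
    if others:
        upstream["Cookie"] = "; ".join(f"{k}={v}" for k, v in others.items())

    token = cookies.get(COOKIE_NAME)
    if token is not None and cookie_is_valid(token, client_addr):
        return {"status": 200, "forward": upstream, "set_cookie": None}   # forceauth = 0

    creds = parse_basic_auth(headers)
    if creds is None or not authenticate(*creds):
        # AUTH_WANTCREDENTIAL / AUTH_FAILURE: challenge the browser again
        return {"status": 401, "headers": CHALLENGE, "forward": None, "set_cookie": None}

    # AUTH_SUCCESS: release the request and issue the cookie on the response.
    # HttpOnly is added here; the posted iRule sets only the Secure flag.
    set_cookie = (f"{COOKIE_NAME}={make_cookie(client_addr)}; Path=/; "
                  f"Domain={COOKIE_DOMAIN}; Secure; HttpOnly")
    return {"status": 200, "forward": upstream, "set_cookie": set_cookie}


if __name__ == "__main__":
    ldap = lambda u, p: (u, p) == ("alice", "s3cret")      # constructed directory
    first = handle_request({"Authorization": basic_auth_header("alice", "s3cret")},
                           "10.0.0.5", ldap)
    token = first["set_cookie"].split(";")[0].split("=", 1)[1]
    print(handle_request({"Cookie": f"{COOKIE_NAME}={token}"}, "10.0.0.5", ldap)["status"])  # 200
    print(handle_request({"Cookie": f"{COOKIE_NAME}={token}"}, "10.0.0.9", ldap)["status"])  # 401
```

Two points the model makes visible: the cookie is bound to the client address, so the same token presented from another source address falls back to a 401 challenge, and the cookie is stripped before the request is forwarded, so the web server never sees it. One difference from the iRule: this model decides per request, whereas the iRule's forceauth and authinsck flags are set in CLIENT_ACCEPTED and therefore live for the whole TCP connection.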