Error with External logon page

Question

Hello, I'm beginning with the F5 and i'm trying to use an external logon page (in module APM): So, to begin, on an external server, i have this logon page:

and the html code:
In APM, I have defined this authentication profile:

After, i have associated this authentication with my webservice (http://webservice)
The problem is when i go to the webservice, i obtain this error

I think the webservice will send a redirect to the login page, but it doesn't. It respond directly this this error page.
I haven't found well documented readings about external logon pages and what does error code 19 means.
What is wrong this my config? Thanks for your help, Vincent

boneyard · Answer

your html code isn't visible.&nbsp;
it seems the request send to the APM doesn't contain the correct headers, can you do a packet capture on the BIG-IP checking if the POST contains all the right info (i.e. the Cookies and username / password)?&nbsp;

vincent_munier_ · Answer

Thank you for your answer, and sorry for the html code:&nbsp;    
     
    Actually, at the moment the request sent to the APM doesn't contain headers (cookie, username/password) because it's the first request. I think, if the user is unauthenticated (typically at the first request to the web application), the APM would redirect me to the external logon page?&nbsp;

boneyard · Answer

i haven't worked with this yet, but shouldnt you first visit the APM, get redirected to the external logon page (so now you have the cookies) and then POST the credentials to the APM? have you tried that?

[EDIT] just tested this real quick, when i visit the virtual server protected by APM i get redirected to the URL, from there i can submit the info and they get posted correctly.

vincent_munier_ · Answer

Yes, but i thought it was the "external logon page" process which have to redirect me to the external page? In my case, i wasn't redirected?&nbsp;
ps: the code html of my logon form:
&nbsp;

boneyard · Answer

hehe, yeah i used the same code, the example in the f5 documentation is really, really bad.&nbsp;
at action you use the url of the big-ip my.policy page, nothing else needs to be modified.&nbsp;
then go to the virtual server, get redirected to the webserver you are hosting above code, fill in data, POST and end up authenticated. that is how it works for me.&nbsp;
{extra}&nbsp;
if F5 is reading, im talking about 
"Figure 6.2 External logon page submission sample" at this page:
http://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-config-11-4-0/apm_config_general_actions.html&nbsp;
this can be made actually useful by changing to the code from Step 1 from this page:
https://devcentral.f5.com/wiki/APM.AcceptPostedCredsfromExternalSite.ashx&nbsp;

Forum Discussion

Error with External logon page

6 Replies

Recent Discussions

F5 Rseries HA

Need advise to setup a policy on F5

F5 Rseries R2600 Tenant sizing

Can iRule mask the payload content on event logs of security

Pricing when used with aws waf

Related Content

CSV to Address External Datagroup File

TACACS+ External Monitor (Python)

External Monitor Information and Templates

Customizing logon error messages

snmp-check external monitor