bfrancom_123272
May 28, 2014Nimbostratus
Inject client Authorization Header Into APM sso variables
Hi, I am trying to get the authorization header from a client request and inject the credentials into the APM SSO variables. (The client is a web server). I am pretty new to APM and its internals. I thought an iRule something like this would work:
when HTTP_REQUEST {
ACCESS::session data set "session.logon.last.username" [HTTP::username]
ACCESS::session data set "session.logon.last.password" [HTTP::password]
}
But I see no username in the APM session report where I would expect to see one.
Here is the policy:
And the SSO piece of the policy where I think it should grab the injected session variables from:
The response back to the client is:
BIG-IP logout page "....Access was denied by the access policy.."
APM Session Report:
2014-05-28 08:34:11
Received User-Agent header: Mozilla%2f5.0%20(X11%3b%20Linux%20x86_64)%20AppleWebKit%2f537.36%20(KHTML%2c%20like%20Gecko)%20Chrome%2f35.0.1916.114%20Safari%2f537.36.
2014-05-28 08:34:11
Received client info - Type: Mozilla Version: 1 Platform: Linux CPU: unknown UI Mode: Full Javascript Support: 1 ActiveX Support: 0 Plugin Support: 1
2014-05-28 08:34:11
New session from client IP 10.x.x.x (ST=/CC=/C=) at VIP 10.x.x.x Listener /Common/vs_xxx-dev.xxx.org_HTTPS (Reputation=Unknown)
2014-05-28 08:34:11
Following rule 'fallback' from item 'AD Auth' to terminalout 'Failure'
2014-05-28 08:34:11
Following rule 'Failure' from item 'AD auth and resources' to ending 'Deny'
2014-05-28 08:34:11
Access policy result: Logon_Deny
2014-05-28 08:34:15
\N: Session deleted due to user logout request.
I would expect to see the username injected and logged even before the AD failure.