MDPF52_180608
Sep 07, 2015Nimbostratus
APM HTTP Header injection
Hello DevCentral Community,
I would like to ask whether it is possible to inject HTTP headers on the server-side connection when APM is in place.
Basically, I need the F5 to dynamically send the user's AD UPN attribute to the backend (once the user has authenticated on APM with an AD account). I also need to query AD to extract the user's group memberships, so that I can inject a dynamic HTTP header carrying the user's AD group and send it to the backend.
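# Handler for ACCESS_POLICY_AGENT_EVENT: reads a few APM session values, sets the
# userPrincipalName request header, and maps the agent id reported by
# [ACCESS::policy agent_id] to a role name held in the variable Role.
#
# Changes from the posted version:
#   - the switch and the when body are now closed (the posted text never closed them);
#   - any userPrincipalName header already present on the request is removed before
#     the trusted value is inserted, so a client-sent copy cannot reach the backend
#     next to, or instead of, the AD-derived one;
#   - each log line now names the role that branch assigns.
when ACCESS_POLICY_AGENT_EVENT {
    # Kept as posted; not read again inside this handler.
    set timestamp [clock format [clock seconds] -format "%d/%b/%Y %H:%M:%S %z"]

    # UPN captured by the AD step of the access policy.
    set userprincipalname [ACCESS::session data get "session.ad.last.attr.userPrincipalName"]

    # "insert" only appends a header line; it does not displace one the client sent.
    # Remove first so the backend sees exactly one value, the one taken from the session.
    # NOTE(review): confirm that HTTP:: commands take effect in this event on the
    # platform version in use.
    HTTP::header remove "userPrincipalName"
    HTTP::header insert "userPrincipalName" $userprincipalname

    # Kept as posted; not read again inside this handler.
    set landing [ACCESS::session data get session.server.landinguri]
    set loginfailures [ACCESS::session data get session.localdb.login_failures]

    # Default for any agent id that is not listed below.
    set Role "undefined"
    switch [ACCESS::policy agent_id] {
        "RoleM" {
            log local0. "RoleA"
            set Role "RoleA"
        }
        "RoleM2" {
            log local0. "RoleB"
            set Role "RoleB"
        }
    }
    # NOTE(review): Role is only assigned here. Nothing visible in this iRule stores it
    # in the APM session or turns it into a header; the header logic posted for
    # ACCESS_POLICY_COMPLETED reads RoleA / RoleB, which this handler never sets.
}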
# Handler for ACCESS_ACL_ALLOWED: logs the session's landing URI and selects the pool.
# No request headers are added or removed in this handler.
when ACCESS_ACL_ALLOWED {
# Landing URI recorded in the APM session for this user.
set landing [ACCESS::session data get session.server.landinguri]
# Written to the local0 facility each time this handler runs.
log local0. "Landing URI: $landing"
# "xxxx" looks like a redacted pool name; substitute the real pool before use.
pool xxxx
# NOTE(review): if identity headers must be present on requests sent to the backend,
# confirm which event applies them per request, and remove any client-sent header of
# the same name before inserting the session-derived value.
}
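# Handler for ACCESS_POLICY_COMPLETED: reads the AD userPrincipalName and the policy
# result, and attaches identity headers only when the result is "allow".
#
# Changes from the posted version:
#   - RoleA / RoleB are not assigned anywhere in the posted iRule, so reading them
#     unguarded raises a Tcl "no such variable" error; they are now checked with
#     [info exists] first;
#   - the role headers were inserted twice (before the switch and again under "allow"),
#     which would put duplicate header lines on the request; they are inserted once;
#   - identity headers already present on the request are removed before the trusted
#     values are inserted, so a client cannot supply its own userPrincipalName or role;
#   - the bare words "Do nothing" would be run as a command named "Do"; it is a comment.
when ACCESS_POLICY_COMPLETED {
    set userPrincipalName [ACCESS::session data get "session.ad.last.attr.userPrincipalName"]
    # This writes the user's identity to the local0 log.
    log local0. "UPN detected = $userPrincipalName ACCESS_COMPLETED"
    set policy_result [ACCESS::policy result]

    # Drop whatever the client sent under these names, whatever the policy result,
    # so only values derived from the session can reach the backend.
    foreach identity_header {userPrincipalName Rolea RoleB} {
        HTTP::header remove $identity_header
    }

    switch $policy_result {
        "allow" {
            # Identity is asserted to the backend only for an allowed session.
            if { $userPrincipalName ne "" } {
                HTTP::header insert "userPrincipalName" $userPrincipalName
            }
            if { [info exists RoleA] && $RoleA ne "" } {
                HTTP::header insert "Rolea" $RoleA
            }
            if { [info exists RoleB] && $RoleB ne "" } {
                HTTP::header insert "RoleB" $RoleB
            }
        }
        "deny" {
            # Do nothing
        }
    }
    # NOTE(review): this event reports the end of policy evaluation; confirm that
    # headers set here are present on the requests that actually reach the backend.
}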