Rohit_Singla_17
Aug 22, 2016

HTTP 302 Required instead of 200 OK

Hello Team, I have an APM policy where the first level of auth is AD and the second level is an external logon page.

Now what happens is, when my AD auth is passed (POST on /my.policy), I get 200 OK from F5, and then I proceed to the 2nd level auth (HTTP auth, which is the external logon page). After successful logon here, I get a 302 and then I land on my actual application.

If I remove the 2nd level auth, F5 responds with 302 after AD auth and proceeds to the actual application page.

Now my customer wants to have 302 even after the first logon (i.e. AD auth). I tried replicating in my lab and I get 200 OK after AD auth if I have 2nd level auth in place.

Can you help me find whether there is a way I can change the 200 OK to a 302 when I post the login credentials on my first level of auth (i.e. AD)?

5 Replies

  • Dayal

    Where would you want to redirect this? Do you want to redirect to the application or redirect the user to the external logon page?

  • Dayal

    Where would you want to redirect this request to? Do you want to redirect to the application URL or redirect the user to the external logon page URL?

  • If you see the VPE above, after AD auth it goes to the MACRO, which is actually the 2nd level auth. So after AD auth, the user is actually redirected to the external logon page and everything works fine. The issue here is that the F5 is sending 200 OK after AD auth before going to the 2nd level auth, but the user wants it to be 302, for some "security audit" purposes.

    As I said, everything is working fine, but I just need to see why F5 responds with 200 OK if 2nd level HTTP auth is in place, and is there a way to change it?

    If you remove HTTP auth from the flow, F5 responds with 302 and takes you to the app, which is fine. So the question here is regarding the 200 OK that comes after AD auth.

    See my HttpWatch output for a lab scenario, where I remove the 2nd level auth and I get 302 while posting on /my.policy

  • Hi,

    Could you provide the URL of the external logon page?

    We need to search for what the issue is with only half the information.

    In your screenshot, we can see the response after the POST on /my.policy is 302 as expected...

    The default behavior of the APM is:

    • User browses https://www.company.com/some/path/
    • APM responds with 302 Location /my.policy
    • User POSTs user credentials; until the user is authenticated, responses are 200.
    • When the user is authenticated, the response is 302 Location /some/path/

    If an external logon page is defined, APM may respond with 302 Location https://login.company.com/logonpage.aspx (the URL of the external logon page)

  • Dear Stanislas, actually the external logon page is another VS on the same F5, and based on the URI, the iRule sends the request to that VS (the host header remains the same). Please see the snapshot below. I could not replicate the exact scenario the customer has, but I used an internal HTTP auth server. Maybe the below snapshot gives a clear idea, where you can see that after the POST on /my.policy, F5 gave us a 200 OK and then the next request went to the external logon URI, which is something like /mfaqasit.....