Forum Discussion

Bill_Kehn_27007's avatar
Bill_Kehn_27007
Icon for Nimbostratus rankNimbostratus
Oct 14, 2017

Help with Passing Basic http authentication username/password in APM policy.

Hello,

 

I am trying to accomplish something rather basic in APM and seem to be stuck. I want to use a separate credential against APM internal DB and then map a generic credential to be used against a basic authentication challenge presented by the back end server after successful policy.

 

Right now I have a logon page for testing but in the end it will be clientless. My logon page and auth against the APM DB works just fine. The problem is I am getting the 401 from the server right after that instead of passing a general credential (configured in SSO Configurations -> Basic HTTP). I am sure I am missing something simple.

 

My policy looks like this:

 

 

My SSO config looks like this:

 

 

Do I need a credential mapping in my policy as well?

 

Here is the APM log:

 

Thank you! Bill

 

APM
application delivery

2 Replies

Sort By
  • Bill_Kehn_27007's avatar
    Bill_Kehn_27007
    Icon for Nimbostratus rankNimbostratus
    Oct 14, 2017

    Well, I added an irule like this and it seems to work:

     

    when HTTP_REQUEST { set logindata [b64encode "basic_user:basic_pass"] log local0. "FOUND A REQUEST, SETTING AUTH $logindata" HTTP::header replace Authorization "Basic $logindata" }

     

    I was hoping there was some way within APM itself to do this without an irule.

     

    -Bill

     

  • Kevin_Davies's avatar
    Kevin_Davies
    Icon for MVP rankMVP
    Oct 16, 2017

    If you want to use alternate credentials for the backend then you would create an variable assign object to rewrite the sso variables after the LocalDB auth.

     

    Variable Assign Agent

     

    session.sso.token.last.username = string "myuser"

     

    session.sso.token.last.password = string "mypass"

     

     

    Delete those headers you added to the SSO profile.