NimbostratusHey guys,
I'm having very similar, if not exactly the same, challenge as the one below, to pass a username and password to a login web page. The user name and password are generic and needs to be hard-coded within the iRule.
I haven't got APM module therefore I would need to use a LTM with an iRule to get it done.
Any ideas how to achieve this?
So you want to create an iRule that performs some kind of Single Sign On. What happens when the user logs in successfully? Will a session cookie be set?
NimbostratusCurrently when user browse to the URL, F5 VS will load-balancer will forward the traffic to one of the backend web servers. For the user, in order to see the page content, authentication is required. All the users use the same generic account to log-on.
What I would like to do is to pass that generic username * password within the iRule so whoever goes to the URL will be immediately presented with the page content.
I guess it is some kind of SSO.
Re: Will a session cookie be set? - what is this required for?
The backend web application needs to know if a request comes from an authenticated or non-authenticated user. A lot of web applications are using cookies to differentiate between authenticated and non-authenticated users. After successfull login, the application will set a cookie. When the user presents the cookie to the web application with each request, it will grant access to the password protected part of the website instead of redirecting the user to a login page. But besides cookies there could be other methods used. This information is essential when building the iRule.
NimbostratusThanks for your constructive comments Niels,
I'm little bit 'green' in this areas, where shall I start with regards to get the iRule (with cookie) configured?
CumulonimbusThis seems to be a little bit complicated.
When a user logs in a web page, the server respond with a cookie to follow the user session. so you must check first which cookies are required by the server.
When the client send a request without this cookie, you must respond with a web page containing only a javascript code which redirect to the form POST URL with fake data.
When the client send a request without this cookie with to the expected URL, must change the content with credentials.
Of course, you first have to know how the web server works. for example, you must know :
You can get all these informations with Firefox developper's tool.
