Forum Discussion

Xavier's avatar
Xavier
Icon for Nimbostratus rankNimbostratus
Jul 10, 2019
Solved

APM - Automatic logon with URL Parameter

Hello,

 

I would like to know if it is possible to use the parameters of a URL to automatically fill in the login and password fields of the VPE logon page.

The APM is activated and so when calling https://www.mywebsite.com the redirection to https://mywebsite.com/my.policy

Is it possible to call https://www.mywebsite.com?login=MyLogin&pws=MyPwd to retrieve the login and password parameters and send them to the APM to fill in the fields of the logon page or to update

the corresponding variables with these values ? 

 

From a security point of view this is not optimal but we have a specific use that requires us to set up.

 

Best Regards,

APM
application delivery
  • Stanislas_Piro2's avatar
    Stanislas_Piro2
    Jul 11, 2019

     

    the same code as iaine, but checkking both username and password are provided in the query string/

    when ACCESS_SESSION_STARTED {
	if {[set username [URI::query [HTTP::uri] login]] ne "" && [set password [URI::query [HTTP::uri] pws]] ne ""}{
		ACCESS::session data set session.logon.last.username $username
		ACCESS::session data set -secure "session.logon.last.password" $password
    unset -nocomplain username password
	}
}

     

3 Replies

Sort By
  • Stanislas_Piro2's avatar
    Stanislas_Piro2
    Icon for Cumulonimbus rankCumulonimbus
    Jul 11, 2019

     

    the same code as iaine, but checkking both username and password are provided in the query string/

    when ACCESS_SESSION_STARTED {
	if {[set username [URI::query [HTTP::uri] login]] ne "" && [set password [URI::query [HTTP::uri] pws]] ne ""}{
		ACCESS::session data set session.logon.last.username $username
		ACCESS::session data set -secure "session.logon.last.password" $password
    unset -nocomplain username password
	}
}

     

  • iaine's avatar
    iaine
    Icon for Nacreous rankNacreous
    Jul 11, 2019

    Hi

    Have you seen this KB article - https://support.f5.com/csp/article/K13296

     

    Following this you should hopefully be able to do what you need. Basic code would look something like this....and you can add on any needed validations as required

     

    when ACCESS_SESSION_STARTED {
	if {[HTTP::query] starts_with "login"}{
		
		ACCESS::session data set session.logon.temp.username [URI::query [HTTP::uri] login]
		ACCESS::session data set "session.logon.temp.password" [URI::query [HTTP::uri] pws]
 
	}
}

     

  • Xavier's avatar
    Xavier
    Icon for Nimbostratus rankNimbostratus
    Oct 28, 2019

    Hi,

     

    Thank for your help. With this code, QRCode authentifcation work.

     

    Best Regards,