NimbostratusI need to implement a two factor authentication process with APM. The first authentication is witch AD and it works. Later I would need to generate some variables to send to the second authentication system, whitch is an external logon page. I don't want to use get, as some of the parameters are confidential. Would it be possible to use POST?
EmployeeLooking at this document it appears that the external logon page is supposed to do a POST...
Have you attempted to setup the External Logon Page?
Seth
NimbostratusI'm afraid I didn't understand what does external logon page mean.
Thank you
EmployeeManuel,
I think I read your original issue wrong...
Later I would need to generate some variables to send to the second authentication system, which is an external logon page.
Are you saying that the 2nd authentication is a separate web app? If so can you use the HTTP AAA Object? This object in the VPE will POST form data to an external website for authentication.
You could also probably do an iRule sideband connection but I wouldn't go down that path until you determine if the HTTP AAA Object will not work.
Seth
NimbostratusHello That's what I meant when I said that I misunderstood the functionality of External Logon. I thought It was the way to call a full external Web Authentication App. I with try with HTTP AAA Object. But I have several doubts. I don't know if its possible to pass session vars as parameters with post. On the other hand, I'm using a grid card authentication system. So, it's not using user and password but user cell-1 value and cell-2 value. The captions for both vales change (C1, A2, J5, B8...). Regards.
NimbostratusSame Question.. Can I send POST information to the external page?
If not, I assume I can send parameters via GET.
Does the external page URL process variable substitution so that I can send it GET parameters from APM known information?
The application is to first query for the username and password on the F5. F5 does an LDAP authentication and then query for secondary condition. If that is true I want to pass the username to a second external login page so that the user doesn't have to enter it again.
EmployeeNimbostratusOkay I will look into the HTTP AAA object. Sounds like a good path. In the meantime I did set up an external logon page and sent parameters in the GET string. Yes, it does substitution so, for example:
http://logonserver.here.com/logon.php?get1=me&userPrincipalName=%{session.logon.last.username}&end=done
did pass on the username into userPrincipalName variable..
Appreciate the info..
NimbostratusNimbostratus