Forum Discussion

Doffie's avatar
Doffie
Icon for Nimbostratus rankNimbostratus
Apr 26, 2017

iRule to query SQL for Auth and attributes

Hi All We are in a situation where we as a company have a lot of customer portals and would like to use the F5 to consolidate the logins. Using the LTM we would like to have a default login page and when the customer enters their credentials we would like the F5 to query a SQL database to verify their credentials as well as doing a lookup that returns the portal information to which they can be redirected to and logged in via SSO. As an example. Customer ABC logs in via LTM.

 

1) F5 queries SQL database to validate credentials (Username and Password)

 

Then

 

2) F5 queries SQL to get portal information. (Reply is http://xyz.com)

 

3) F5 redirects client to xyz.com Portal

 

4) F5 posts using user credentials to the portal to map user credentials.

 

Steps 3 and 4 I believe can be accomplished with an irule however I am not sure if steps 1 and 2 are possible. Documents point to sideband connections but I am not sure if it is even feasible.

 

Thanks for any assistance.

 

1 Reply

  • Hi,

    the authentication module in BigIP is APM. but APM does not support SQL authentication.

    I already had this kind of request from a customer and I solved it with an internal web service converting HTTP request to SQL requests (this web service is not hosted by F5)

    • On a internal web server with SQL connection, create a web service with
      • Basic authentication client side
      • authenticate users against SQL
      • insert in a cookie containing portal information
    • On APM, create a Access Policy with HTTP Authentication on internal web service
      • after authentication, parse cookie with expression
        expr { [lindex [regexp -inline {Portal=([^;\\\r]*)} [mcget session.http.last.response_cookie]] 1] }
      • redirect user to this url.