Stanislas_Piro2
Nov 15, 2016 (Cumulonimbus)
Hi,
You can use this iRule (not tested):
when RULE_INIT {
    # to be changed prior to any publishing
    set static::passphrase "hEuoYjmFUpB4PcpO3bUdQtLP4ic7jjm"
}
when ACCESS_SESSION_STARTED {
    # Pre-fill the APM logon variables from the encrypted APMAuth cookie, if present
    if { [HTTP::cookie exists APMAuth] } {
        set decrypted [HTTP::cookie decrypt "APMAuth" $static::passphrase]
        # Expect "username:password"; only set the variables when both fields were parsed
        if { [scan $decrypted {%[^:]:%s} username password] == 2 } {
            ACCESS::session data set session.logon.last.username $username
            ACCESS::session data set -secure session.logon.last.password $password
        }
    }
}
when ACCESS_POLICY_COMPLETED {
    if { ([ACCESS::policy result] equals "allow") } {
        # Create a temporary cookie holding "username:password", then encrypt it with the passphrase
        HTTP::cookie insert name "TMPCOOKIE" value "[ACCESS::session data get session.logon.last.username]:[ACCESS::session data get -secure session.logon.last.password]"
        HTTP::cookie encrypt "TMPCOOKIE" $static::passphrase
        # Redirect to the landing URI and hand the encrypted value back as the APMAuth cookie
        ACCESS::respond 302 noserver "Location" [ACCESS::session data get session.server.landinguri] "Cache-Control" "no-cache, must-revalidate" Set-Cookie "APMAuth=[HTTP::cookie TMPCOOKIE];path=/"
    }
}
And configure the VPE to check whether session.logon.last.username is not null.
If session.logon.last.username equals "", then prompt with the logon page; otherwise validate authentication with the user / password stored in the encrypted cookie.
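
The `scan` pattern `{%[^:]:%s}` in the iRule above stops the password at the first whitespace character and leaves its variables unset when the decrypted value does not match. The following is an added example, not part of the original post: plain Tcl for `tclsh` (no iRule commands) comparing that pattern with a split on the first colon; `parse_credentials` and the sample values are constructed for illustration.

```tcl
# Hypothetical helper: split "username:password" on the FIRST colon only,
# so the password may contain ':' or whitespace.
# Returns a two-element list, or an empty list if the value is malformed.
proc parse_credentials {decrypted} {
    set idx [string first ":" $decrypted]
    if { $idx <= 0 } {
        # No colon at all, or an empty username
        return {}
    }
    set username [string range $decrypted 0 [expr {$idx - 1}]]
    set password [string range $decrypted [expr {$idx + 1}] end]
    if { $password eq "" } {
        return {}
    }
    return [list $username $password]
}

# Constructed sample values standing in for a decrypted cookie
set samples [list "alice:S3cret" "bob:pass word:with:colons" "nocolon" ":nouser" ""]

foreach sample $samples {
    # Clear variables from the previous iteration; scan does not reset them
    unset -nocomplain u p
    set n [scan $sample {%[^:]:%s} u p]
    if { [info exists p] } {
        set scanned "password=<$p>"
    } else {
        set scanned "password unset"
    }
    set parsed [parse_credentials $sample]
    if { [llength $parsed] == 2 } {
        set split "user=<[lindex $parsed 0]> password=<[lindex $parsed 1]>"
    } else {
        set split "rejected"
    }
    puts "input=<$sample> | scan returned $n, $scanned | first-colon split: $split"
}
```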