Forum Discussion
Arnaud_Lemaire
Sep 26, 2014 · Employee
Yes, you should be able to do that.
- You need to create two irule_event agents in your VPE.
- The first one, before the logon page, triggers an event in an iRule that looks for your cookie. If the cookie is present and valid, you branch to a logon page with just simple auth. To play with cookies in an iRule, have a look here: https://devcentral.f5.com/wiki/iRules.HTTP__cookie.ashx
- If the cookie is not valid or not present, you branch to the full OTP process.
- The way you create your branch could be by setting an APM session variable in the iRule and checking the value in an empty box just after the irule_event agent. To set or read an APM variable from an iRule, have a look here: https://devcentral.f5.com/wiki/iRules.ACCESS__session.ashx
- The second irule_event in the VPE should happen after the successful full authentication process. In this iRule you craft your cookie.
- Now the good question is what do I put in my cookie. I would say anything proper to the session with some variance, so you could try to hash username + APM session ID with the md5 iRule command: https://devcentral.f5.com/wiki/iRules.md5.ashx
- Once you have your hash, you put it in an iRule table (https://devcentral.f5.com/wiki/iRules.table.ashx) with a lifetime, and in the first irule_event agent you compare the cookie sent by the user with the table content to find a match.

Good luck!
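
The flow described in the reply above, as an added iRule example that is not part of the original post or F5's own code. The agent IDs, the cookie name `otp_skip`, the subtable name, the `session.custom.*` variables and the 30-day lifetime are hypothetical, and it assumes an LTM+APM virtual server where backend responses pass through `HTTP_RESPONSE`.

```tcl
when ACCESS_SESSION_STARTED {
    # HTTP context is available here: keep the cookie value for the policy to inspect.
    ACCESS::session data set session.custom.otp_cookie [HTTP::cookie value "otp_skip"]
}

when ACCESS_POLICY_AGENT_EVENT {
    switch [ACCESS::policy agent_id] {
        "check_otp_cookie" {
            # First irule_event agent, placed before the logon page.
            set presented [ACCESS::session data get session.custom.otp_cookie]
            set owner ""
            if { $presented ne "" } {
                # The table stores token -> username; an expired entry returns "".
                set owner [table lookup -subtable otp_skip $presented]
            }
            # Empty owner = cookie missing, unknown or expired: take the full OTP branch.
            ACCESS::session data set session.custom.otp_skip [expr { $owner ne "" }]
            ACCESS::session data set session.custom.otp_owner $owner
        }
        "craft_otp_cookie" {
            # Second irule_event agent, placed after the full authentication succeeded.
            set user [ACCESS::session data get session.logon.last.username]
            set sid  [ACCESS::session data get session.user.sessionid]
            # md5 returns raw bytes; convert to hex so it is usable as a cookie value.
            binary scan [md5 "$user$sid"] H* token
            # 30-day idle timeout and 30-day hard lifetime (constructed values).
            table set -subtable otp_skip $token $user 2592000 2592000
            ACCESS::session data set session.custom.otp_token $token
        }
    }
}

when ACCESS_ACL_ALLOWED {
    # Pick up a freshly crafted token once, then clear it from the session.
    set token [ACCESS::session data get session.custom.otp_token]
    if { $token ne "" } {
        set new_cookie $token
        ACCESS::session data set session.custom.otp_token ""
    }
}

when HTTP_RESPONSE {
    if { [info exists new_cookie] } {
        HTTP::cookie insert name "otp_skip" value $new_cookie path "/"
        HTTP::cookie expires "otp_skip" 2592000 relative
        HTTP::cookie secure "otp_skip" enable
        HTTP::cookie httponly "otp_skip" enable
        unset new_cookie
    }
}
```

In the VPE, the empty box after the first agent branches on `session.custom.otp_skip`. On the simple-auth branch, compare `session.custom.otp_owner` with `session.logon.last.username` after logon, so that a cookie issued to one user cannot skip OTP for a different account.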