Forum Discussion

ktm_2000's avatar
ktm_2000
Icon for Altostratus rankAltostratus
Nov 01, 2023

HTTP auth - Calling external API with parameters

Folks I am relatively new to F5 and am trying to do a custom auth by passing paramaters to an API and getting a response.

The api is expecting me to call     url\param1\param2\param3

Upon success it currently returns true

I've tested HTTP auth by setting up an AAA server and tried basic auth and I can build a statement with the required parameters and get it sent to the API and the API is successfully evaluating the conditions as expected.   If the API replys with true on success or with false for failure the F5 is considering either condition a success.

my issue is that in forms or custom post,  you can define what the success criteria is and in basic that option is not available.     I can have the developer code whatever is needed for a successful response but am struggling to find out what the F5 is looking for to determine a successfull response.

 

I have found the following and it seems that it is looking for a "200" as success

 https://stackoverflow.com/questions/32671292/determine-whether-a-basic-authentication-login-was-successful

 

Can anyone confirm that the F5 is indeed looking for a "200" response?

thanks in advance!!!!

  • When using Basic authentication a status code of 200 means that all is okay and no authentication is needed or that authentication already was successful. The server should respond with a status code of 401, until the client has been successfully authenticated. The picture below shows how it should work.

     

2 Replies

  • When using Basic authentication a status code of 200 means that all is okay and no authentication is needed or that authentication already was successful. The server should respond with a status code of 401, until the client has been successfully authenticated. The picture below shows how it should work.

     

  • Thank you,   We had it coded to reply http 200 for both and had text to differentiate between valid or not.   I had the developer throw http 401 - unauthorized for false and redeployed.

    All is working well.    Thank you for your insight!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!