Node.js site to store TOTP Keys in Data Group

Problem this snippet solves:

The Google Auth (TOTP) iRule allows the key that is used to generate the token to be stored in a data group. However, iRules are not allowed to write to a data group. This means that the iRule that generates a key can only display the key so it can be cut and pasted into another form for use (AD field or data group). This node.js site fixes that problem by interacting with the google_auth_keys data group using the iControl node module.

How to use this snippet:

The Google Auth APM iRule needs to be set up to use the data group google_auth_keys as the key repository. That is the only change to the Google Auth APM iRule. Next, create an LTM-APM access policy that uses the user's normal authentication methods - AD or LDAP - to access the node.js site. The only iRule required adds a magic key that is used by the node.js site to block access via any other avenue.

    when HTTP_REQUEST_RELEASE {
        HTTP::query "userid=[ACCESS::session data get session.logon.last.username]&magic=GAsecret"
    }

Now for the fun part. Download the attached .zip file and expand it into a F5vpn directory. Modify the following files:

1. bin\www - Change the port on line 15 to the port you prefer. Note the port number and IP address of the server to create the GAkeys pool used by the virtual server that uses the GAkey_apm created above.
2. F5config.js - Enter the IP addresses of your F5 pair and the other fields. Note that the "admin" user must be used here. iControl REST doesn't allow any other user ID. If you just have one F5, enter the same IP twice.
3. views\index.jade - Adjust the static text to meet your needs.
4. views\layout.jade - Enter the name of your image file. Be sure to copy the file into the public\images directory.
5. routes\index.js - Update the GATsecret (line 43) with the magic word you entered in the APM iRule.

Now, just run "npm install" from the base directory - f5VPN - to load the dependencies. Run your node site with the normal tools - I use forever with a short /etc/init.d/f5VPN script.
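An added example, not the code from the attached .zip: one way the site's route could validate the query string written by the APM iRule and build a record for google_auth_keys. The function names, the userid pattern, the 80-bit key length and the { name, data } record shape are assumptions.

```javascript
// Added example; not the code shipped in the .zip. Names are hypothetical.
const crypto = require('crypto');

const B32 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';

// Compare the magic value in constant time. Hashing both sides first gives
// timingSafeEqual the equal-length buffers it requires.
function secretMatches(supplied, expected) {
  const h = (s) => crypto.createHash('sha256').update(String(s)).digest();
  return crypto.timingSafeEqual(h(supplied), h(expected));
}

// Accept only the query shape the APM iRule writes: one userid, one magic.
// Returns the userid, or null when the request must be rejected.
function parseGatewayQuery(query, expectedMagic) {
  if (!expectedMagic) return null;                    // fail closed if unset
  const p = new URLSearchParams(query);
  const ids = p.getAll('userid');
  const magics = p.getAll('magic');
  if (ids.length !== 1 || magics.length !== 1) return null;
  if (!secretMatches(magics[0], expectedMagic)) return null;
  // Assumed username policy; keeps odd characters out of the data group.
  return /^[A-Za-z0-9._-]{1,64}$/.test(ids[0]) ? ids[0] : null;
}

// RFC 4648 Base32 without padding, the encoding Google Authenticator expects.
function base32(buf) {
  let bits = 0, value = 0, out = '';
  for (const byte of buf) {
    value = ((value << 8) | byte) & 0xffff;           // keep only pending bits
    bits += 8;
    while (bits >= 5) {
      out += B32[(value >>> (bits - 5)) & 31];
      bits -= 5;
    }
  }
  if (bits > 0) out += B32[(value << (5 - bits)) & 31];
  return out;
}

// Build one record for google_auth_keys (assumed shape: name = user, data = key).
function newKeyRecord(userid) {
  return { name: userid, data: base32(crypto.randomBytes(10)) }; // 80-bit key
}
```

Because the magic value is the only thing separating the site from direct requests, the node.js listener should also be reachable only from the F5 self IPs.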

Published Aug 10, 2015
Version 1.0
