iRULE to capture user credentials in SOAP-XML Payload in Clientless Mode
We have application limitation from vendor where they don't support authentication based on Multiple Domains. I am configuration iRule and APM to achieve short coming of application.
External Application-A Fat client => calls application-B using particular URI (Virtual Server on F5)
Application B URI is defined as plugins in Application A fat client.
when HTTP_REQUEST
- HTTP::header insert "clientless-mode" 1 (iRule will put into clientless mode for /xyz URI since there are other URIs for webinterface)
- iRule will match if http menthod id post and content-Type contains "soap+xml" -Collect HTTP content
when HTTP_REQUEST_DATA - Go through XML - Collect username "user1@domain1.com " - Collect Password "12345678"
When Access_Session_started{
Assign value collected previously to variable session.logon.last.username $username session.logon.last.password $password }
APM policy will be look like as follows:
Start => if username contains domain1 => domain1\$username => RADIUS => Allow => Deny
=> if username contains domain2 => domain1\$username => RADIUS => Allow
=> Deny