Habib_Ulla_Khan
May 21, 2017

Help to configure -- Cookie based authentication

Hi All,

We have a specific requirement for one application at xyz company and I need assistance to shed some light on how to move forward with this requirement.

The application is internally developed by XYZ application team and runs on iPad.

Currently, the application is configured on LTM and the authentication happens on the backend server. Similar to any other application, once it is launched the user enters his credentials (username & password) for login. After login, there are some links (buttons) which point to other applications, and these applications are configured with LTM/APM on the same F5 device. Our target is to have a sort of SSO, meaning that after the initial login the user should have the ability to open/access the other applications without entering the credentials again.

I need help configuring cookie-based authentication. I have referred to link text, but it was not much help.

My requirement is that whenever a specific cookie is POSTed, it should get authenticated. Below is my VPE which I have configured.

If a cookie is sent it should get authenticated, else the login page will be prompted. But here, when I use this iRule event, the login page doesn't come, nor is cookie-based authentication happening. Anybody who has made a similar configuration, kindly share the steps to achieve this; I have been struggling for quite some time for a solution.

 

Code
when CLIENT_ACCEPTED {
    # Per-connection state: cookie name, encryption passphrase, expected value and domain.
    set authinsck 0
    set forceauth 1
    set ckname login-ptrms
    set ckpass xyz@1234
    set ckvalue 12345
    set ckdomain xyz.com.qa
    # Start an auth session against the default_ldap configuration.
    set asid [AUTH::start pam default_ldap]
}

when HTTP_REQUEST {
    # Decrypt the cookie and skip authentication if its value matches.
    if {[HTTP::cookie exists $ckname]} {
        HTTP::cookie decrypt $ckname $ckpass 128
        if {[HTTP::cookie value $ckname] eq $ckvalue} {
            set forceauth 0
        }
        # Strip the cookie so it is not forwarded to the backend.
        HTTP::cookie remove $ckname
    }

    if {$forceauth eq 1} {
        AUTH::username_credential $asid [HTTP::username]
        AUTH::password_credential $asid [HTTP::password]
        AUTH::authenticate $asid
        # Hold the request until the auth result arrives.
        HTTP::collect
    }
}

when HTTP_RESPONSE {
    # After a successful login, set the encrypted cookie on the response.
    if {$authinsck eq 1} {
        HTTP::cookie insert name $ckname value $ckvalue path / domain $ckdomain
        HTTP::cookie secure $ckname enable
        HTTP::cookie encrypt $ckname $ckpass 128
    }
}

when AUTH_SUCCESS {
    if {$asid eq [AUTH::last_event_session_id]} {
        set authinsck 1
        # Release the held request.
        HTTP::release
    }
}

 

1 Reply

  • Hi,

     

    Hard to say without knowing the iRule attached to your VS. If you can post your iRule (please use Preformatted Code; without it, it's hard to read an iRule), it would help in finding the reason.

     

    As a first step in troubleshooting, I would capture the communication between the client and the VS on BIG-IP. If BIG-IP is resetting the connection after the POST is sent, then most probably there is some error in the iRule - you can check it using tail -f /var/log/ltm | grep in the BIG-IP CLI - look for iRule-related errors, most probably a TCL error.

     

    Piotr
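
The log check suggested in the reply above, as an added example that is not part of the original thread: a shell function that pulls iRule TCL errors out of an LTM log and groups them by rule, event and message, so a repeating failure stands out. The sample log lines and the rule name /Common/example_cookie_auth are constructed, and the `TCL error: <rule> <EVENT> - <message>` line layout is an assumption about the log format.

```shell
#!/bin/bash
# Added example: summarise iRule TCL errors found in a BIG-IP LTM log.
# Assumed line layout: "... TCL error: <rule> <EVENT> - <message> while executing ..."

# Write a constructed sample log (hypothetical rule name) to the path in $1.
make_sample_log() {
    cat > "$1" <<'EOF'
May 21 10:02:11 bigip1 info tmm[11234]: Rule /Common/example_cookie_auth <HTTP_REQUEST>: cookie present
May 21 10:02:11 bigip1 err tmm[11234]: 01220001:3: TCL error: /Common/example_cookie_auth <HTTP_REQUEST> - can't read "asid": no such variable     while executing "AUTH::username_credential $asid [HTTP::username]"
May 21 10:02:15 bigip1 err tmm1[11234]: 01220001:3: TCL error: /Common/example_cookie_auth <HTTP_REQUEST> - can't read "asid": no such variable     while executing "AUTH::username_credential $asid [HTTP::username]"
May 21 10:03:40 bigip1 err tmm[11234]: 01220001:3: TCL error: /Common/example_cookie_auth <HTTP_RESPONSE> - can't read "ckname": no such variable     while executing "HTTP::cookie insert name $ckname value $ckvalue"
May 21 10:04:02 bigip1 notice mcpd[5321]: configuration saved
EOF
}

# Print "count|rule|event|message" for each distinct TCL error in log file $1,
# most frequent first.
summarize_tcl_errors() {
    awk '
        /TCL error: / {
            line = $0
            sub(/^.*TCL error: /, "", line)        # drop the syslog prefix
            rule = line
            sub(/ .*/, "", rule)                   # first token is the rule path
            event = "UNKNOWN"
            if (match(line, /<[A-Z_]+>/))
                event = substr(line, RSTART + 1, RLENGTH - 2)
            p = index(line, "> - ")                # message starts after "<EVENT> - "
            msg = p ? substr(line, p + 4) : line
            sub(/ +while executing.*/, "", msg)    # drop the Tcl stack excerpt
            count[rule "|" event "|" msg]++
        }
        END { for (k in count) print count[k] "|" k }
    ' "$1" | sort -t'|' -k1,1nr -k2
}

# With no argument, run against the constructed sample; otherwise against the given log.
log="${1:-}"
if [ -z "$log" ]; then log=$(mktemp); make_sample_log "$log"; fi
summarize_tcl_errors "$log"
```

On a BIG-IP the function would be pointed at /var/log/ltm, the file named in the reply.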