Forum Discussion

SysTopher
Oct 30, 2015

F5 APM assistance with passing login to a .Net app

Hey everyone,


I'm pretty new to the F5 APM module and was hoping I might get some pointers on a project I've been tasked with. I've been asked to create an APM policy to allow users to login to a database account with their AD credentials.


The team that's requesting this has put together a .NET application that is supposed to map the AD account to the database account. This application has been deployed on a web server and has a Username, Password and Database field. The purpose of this application is to verify whether the AD username and password match the database account.

* If both exist and match, it exits normally.
* If the username exists but the password does not match, it updates the password on the database side to match the AD password, returns code 0 and exits normally.
* If the username does not exist, the app returns an error code higher than 0.


So the goal here is to obtain the AD username, password and the database name from the user at the F5 login page. I believe I've got this figured out easily enough. I've added a select field under password and I've input the names of the databases that users will choose from. I've named this variable database since that's what the .NET app will be expecting.


Next, I have an authentication node to authenticate the username/password using AD Auth.


Next is where I'm a little hung up. I have two parts I need to figure out.


1) Pass the username/password/database variable to this .NET page. I've got a URL to this page. So I'm thinking it needs to be Logon Page --> AD Auth --> SSO Mapping --> External Logon Page --> Allow? Or do I configure it as just Logon Page --> AD Auth --> SSO Mapping --> Allow and then configure this .NET page somewhere in an SSO Configuration somehow?


I looked at the SSO Configurations and I see there is a spot in there for Hidden Form Parameters. Is this what I could use to pass the 3rd variable "database" to the form?


2) I will need to figure out how to use the responses the .NET application comes back with to determine if the user gets any further.


I'm assuming I can do this with the branch rules somehow? I looked at adding Simple expressions to a branch rule, but the Agent options I got didn't look useful. These users are connecting to an Oracle Database, but technically this .NET application is the one returning the result back to the F5 as described above.


Anyone have any pointers for me on where to look on starting to accomplish this? It would be GREATLY appreciated.


3 Replies

  • SysTopher
      Thanks for the comment. So are you thinking I should be able to pass the 3rd field on the logon page, database, via the SSO configuration? I also just realized I could possibly use variable assign to pass that variable to the .NET app, perhaps?
  • Lucas_Thompson_
    Historic F5 Account

    Yes. In most (not all) places where you can enter fixed text, you can put a session variable using the normal APM format: %{session.mysessionvariable}


    It will see that %{} and unwrap it to the actual contents of the session variable.
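An added illustration, not from the thread and not F5's code, of the substitution Lucas describes: hidden form parameters entered as fixed text with %{session.*} placeholders are expanded from the session before the form is posted, and the .NET app's exit code is then mapped to a branch. The session variable names, the empty-string expansion for an undefined variable, and the pre-flight/redaction helpers are assumptions for the example; the exit-code meaning follows the original post.

```python
import re
from typing import Dict

# Constructed session map, standing in for what APM holds after the Logon Page
# and AD Auth agents run. session.logon.last.* is APM's naming convention;
# "database" is the custom select field added to the logon page in the thread.
SESSION = {
    "session.logon.last.username": "jdoe",
    "session.logon.last.password": "S3cret!",
    "session.logon.last.database": "ORCL_PROD",
}

# Hidden form parameters as they would be typed into an SSO configuration:
# fixed text with %{...} placeholders (assumed parameter names).
FORM_TEMPLATE = {
    "Username": "%{session.logon.last.username}",
    "Password": "%{session.logon.last.password}",
    "Database": "%{session.logon.last.database}",
    "Source": "apm-sso",  # plain fixed text passes through unchanged
}

PLACEHOLDER = re.compile(r"%\{([A-Za-z0-9_.]+)\}")

def expand(text: str, session: Dict[str, str]) -> str:
    """Replace each %{var} with its session value. An undefined variable
    expands to "" (assumption about APM behaviour, hence the check below)."""
    return PLACEHOLDER.sub(lambda m: session.get(m.group(1), ""), text)

def build_form(template: Dict[str, str], session: Dict[str, str]) -> Dict[str, str]:
    """Expand every hidden form parameter against the session."""
    return {name: expand(value, session) for name, value in template.items()}

def check_form(form: Dict[str, str]) -> bool:
    """Fail closed: do not post the form if a required field expanded empty,
    which is what a missing or misspelled session variable produces."""
    return all(form.get(k) for k in ("Username", "Password", "Database"))

def redacted(form: Dict[str, str]) -> Dict[str, str]:
    """Copy of the form safe to write to a policy log (password masked)."""
    return {k: ("***" if k == "Password" else v) for k, v in form.items()}

def decide(exit_code: int) -> str:
    """Branch on the .NET app's result as the post describes: 0 = continue,
    anything higher = the AD user has no database account, so deny."""
    return "Allow" if exit_code == 0 else "Deny"
```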