Forum Discussion

ciniminis's avatar
ciniminis
Icon for Nimbostratus rankNimbostratus
Feb 08, 2016

How to have APM call an external API using a GET request?

For various reasons we need to use an external OTP generator (rather than have F5 generate the OTP) for our company's soft token solution. The external OTP generator is LinOTP, and I need to have our APM policy call the LinOTP's API to make the request to generate an OTP token code. From the best I could gather, I need to use an irule to make the sideband connection - but I am unsure how to format the GET request from there on.

This is an example of the request I need to send:

https://hostname.domain.com/validate/check?user=USERNAME&realm=REALMNAME&pass=

(where "hostname.domain.com" is the FQDN of our LinOTP server, USERNAME and REALMNAME are values I'll get from APM login page input fields)

My questions are:

  1. In the irule, do I need to do anything special for the HTTPS connection to the LinOTP server? Examples I found are for HTTP.

  2. In the irule, how should I format the request - does the following look right?

 

set request "GET /validate/check?user=$username&realm=$realmname&pass= HTTP/1.1\r\nHost: hostname.domain.com\r\n\r\n"

 

First time poster, so please let me know if I can provide better information. Your help will be greatly appreciated!

2 Replies

  • In the irule, do I need to do anything special for the HTTPS connection to the LinOTP server? Examples I found are for HTTP.

     

    You need to pass the traffic through an internal HTTP VIP and encrypt on the server side to the remote server. Sideband doesn't support SSL directly.

     

    In the irule, how should I format the request - does the following look right?

     

    That looks right.

     

  • You need a simply VIP with a server SSL profile (only) and SNAT (optionally). In your sideband code, point directly at the virtual server name.