AUTH::authenticate

Description¶

Continues an authentication operation by providing the specified
string as the credential response for the most recent authorization
prompt.
This command is only available when the event AUTH_WANTCREDENTIAL
is the most recent event generated, and no AUTH::credential
commands have been issued since the event, for the specified
authentication ID. Unlike the AUTH::credential commands, the
string credential provided by this command does not get cached, even
if the desired credential type had been identified (see the
AUTH::wantcredential_type
command).
This command is especially useful in providing authentication services
to interactive protocols (such as telnet, ftp, and so on), where the
actual text prompts and responses might be directly communicated with
the remote user.

Syntax¶

AUTH::authenticate_continue <authid> <string>

AUTH::authenticate_continue <authid> <string>¶

Continues an authentication operation by providing the specified string as the credential response for the most recent authorization prompt.

Examples¶

The example below is less efficient than the builtin system auth rules, and should be considered only a demonstration of AUTH::authenticate_continue. The AUTH::authenticate_continue command serves limited purpose at this time since as of this writing, the authentication modules present on BIG-IP are primarily username/password based. Since the authentication credential prompts are well-known, one can always provide the credentials in advance of calling AUTH::authenticate.

when CLIENT_ACCEPTED {
    set auth_stage 0
}
when HTTP_REQUEST {
    if {$auth_stage > 0} {
        return
    }
    set auth_sid [AUTH::start pam some_interactive_pam_auth_service]
    set http_username [HTTP::username]
    set http_password [HTTP::password]
    AUTH::authenticate $auth_sid
    HTTP::collect
}
when AUTH_RESULT {
    set auth_status [AUTH::status]
    if {$auth_status == 0} {
        incr auth_stage
        AUTH::abort $auth_sid
        HTTP::release
    } elseif {$auth_status == 2} {
        set auth_prompt [string tolower [string range [AUTH::wantcredential_prompt $auth_sid] 0 7]]
        if {($auth_prompt == "username") and ($http_username != "")} {
            AUTH::authenticate_continue $auth_sid $http_username
        } elseif {($auth_prompt == "password") and ($http_password != "")} {
            AUTH::authenticate_continue $auth_sid $http_password
        } else {
            HTTP::respond 401
        }
    } else {
        HTTP::respond 401
    }
}

Related Information¶

Valid Events:

Warning

The links to the sample code below are remnants of the old DevCentral wiki and will result in a 404 error. For best results, please copy the link text and search the codeshare directly on DevCentral.

Sample Code:

Introduced: BIGIP-9.0.0

The BIG-IP API Reference documentation contains community-contributed content. F5 does not monitor or control community code contributions. We make no guarantees or warranties regarding the available code, and it may contain errors, defects, bugs, inaccuracies, or security vulnerabilities. Your access to and use of any code available in the BIG-IP API reference guides is solely at your own risk.

AUTH::authenticate_continue¶

Description¶

Syntax¶

AUTH::authenticate_continue <authid> <string>¶

Examples¶

Related Information¶