ltm rule command AUTH unsubscribe
iRule(1) BIG-IP TMSH Manual iRule(1)
AUTH::unsubscribe
Cancels interest in auth query results.
SYNOPSIS
AUTH::unsubscribe AUTH_ID
DESCRIPTION
AUTH::unsubscribe cancels interest in auth query results. AUTH::response_data will not return data from query results for
which a subscription has been cancelled before AUTH::authenticate has been called. Also see AUTH::subscribe.
AUTH::unsubscribe
* Cancels interest in auth query results.
RETURN VALUE
VALID DURING
EXAMPLES
The rule below demonstrates how multi-pass auth might be performed.
Additional error checking of the group name would be necessary in a
production-ready rule.
rule multi_pass_auth {
when HTTP_REQUEST {
if {not [info exists auth_pass]} {
set auth_sid [AUTH::start pam auth_method_user]
AUTH::subscribe $auth_sid
set auth_username [HTTP::username]
set auth_password [HTTP::password]
AUTH::username_credential $auth_sid $auth_username
AUTH::password_credential $auth_sid $auth_password
AUTH::authenticate $auth_sid
set auth_pass 1
}
}
when AUTH_RESULT {
if {[AUTH::status] != 1} {
if {$auth_pass == 1} {
HTTP::respond 401
} else {
reject
}
}
if {$auth_pass == 1} {
array set auth_response_data [AUTH::response_data]
set auth_group [lindex [array get auth_response_data ldap
AUTH::abort $auth_sid
set auth_sid [AUTH::start pam $auth_group]
AUTH::username_credential $auth_sid $auth_username
AUTH::password_credential $auth_sid $auth_password
AUTH::unsubscribe $auth_sid
AUTH::authenticate $auth_sid
set auth_pass 2
} else {
HTTP::release
set auth_pass 3
}
}
}
HINTS
SEE ALSO
CHANGE LOG
@BIGIP-9.0.0 --First introduced the command.
BIG-IP 2022-04-12 iRule(1)