ltm rule event AUTH WANTCREDENTIAL
iRule(1) BIG-IP TMSH Manual iRule(1)
AUTH_WANTCREDENTIAL
Triggered when an authorization operation needs an additional credential (deprecated in 9.4).
DESCRIPTION
Note: Deprecated in 9.4. It will still work, but is being phased out. Use AUTH_RESULT instead in 9.4 and up.
Triggered when an authorization operation needs an additional credential. See also the description of the
AUTH::wantcredential_prompt command.
A default handler for this event is associated with each of the authentication profiles, and causes the system to close the
connection unless it can obtain the desired credential. Typically, this implies that the protocol layer that provides the
credential has also not yet obtained the credential, because the system did not enable the necessary authentication
protocol. Each of the authentication profiles contains appropriate default handlers for its respective protocol.
Examples
when AUTH_WANTCREDENTIAL {
HTTP::respond 401 "WWW-Authenticate" "Basic realm=\"\""
}
when AUTH_FAILURE {
log local0. "Auth failed: Auth prompt was \"[AUTH::wantcredential_prompt $authid]\" Auth prompt style was \"[AUTH::wantcredential_prompt_style $authid]\""
}
HINTS
SEE ALSO
https://devcentral.f5.com/wiki/iRules.ClientAuthUsingHTMLForms.ashx - This iRule illustrates how to use HTML Forms for
client authentication. https://devcentral.f5.com/wiki/iRules.ClientAuthUsingHttpCookie.ashx - This iRule illustrates how
to use HTTP Cookies for client based authentcation. https://devcentral.f5.com/wiki/iRules.ClientAuthUsingHttpCookie.ashx -
The iRule implements a authenticated HTTPS reverse proxy.
CHANGE LOG
@BIGIP-9.0.0 --First introduced the event. @BIGIP-9.4.0 --Deprecated in this version
BIG-IP 2022-04-12 iRule(1)