ltm rule command AUTH authenticate continueΒΆ

iRule(1)		      BIG-IP TMSH Manual		      iRule(1)



AUTH::authenticate_continue
       Continues an authentication operation.

SYNOPSIS
       AUTH::authenticate_continue AUTH_ID RESPONSE

DESCRIPTION
       Continues an authentication operation by providing the specified string
       as the credential response for the most recent authorization prompt.
       This command is only available when the event AUTH_WANTCREDENTIAL is
       the most recent event generated, and no AUTH::credential commands have
       been issued since the event, for the specified authentication ID.
       Unlike the AUTH::credential commands, the string credential provided by
       this command does not get cached, even if the desired credential type
       had been identified (see the AUTH::wantcredential_type command).  This
       command is especially useful in providing authentication services to
       interactive protocols (such as telnet, ftp, and so on), where the
       actual text prompts and responses might be directly communicated with
       the remote user.

       AUTH::authenticate_continue  

	    * Continues an authentication operation by providing the specified
	      string as the credential response for the most recent authorization
	      prompt.

RETURN VALUE
VALID DURING
EXAMPLES
	The example below is less efficient than the builtin system auth rules,
	and should be considered only a demonstration of
	AUTH::authenticate_continue. The AUTH::authenticate_continue command
	serves limited purpose at this time since as of this writing, the
	authentication modules present on BIG-IP are primarily
	username/password based. Since the authentication credential prompts
	are well-known, one can always provide the credentials in advance of
	calling AUTH::authenticate.

	when CLIENT_ACCEPTED {
	    set auth_stage 0
	}
	when HTTP_REQUEST {
	    if {$auth_stage > 0} {
		return
	    }
	    set auth_sid [AUTH::start pam some_interactive_pam_auth_service]
	    set http_username [HTTP::username]
	    set http_password [HTTP::password]
	    AUTH::authenticate $auth_sid
	    HTTP::collect
	}
	when AUTH_RESULT {
	    set auth_status [AUTH::status]
	    if {$auth_status == 0} {
		incr auth_stage
		AUTH::abort $auth_sid
		HTTP::release
	    } elseif {$auth_status == 2} {
		set auth_prompt [string tolower [string range [AUTH::wantcredential_prompt $auth_sid] 0 7]]
		if {($auth_prompt == "username") and ($http_username != "")} {
		    AUTH::authenticate_continue $auth_sid $http_username
		} elseif {($auth_prompt == "password") and ($http_password != "")} {
		    AUTH::authenticate_continue $auth_sid $http_password
		} else {
		    HTTP::respond 401
		}
	    } else {
		HTTP::respond 401
	    }
	}

HINTS
SEE ALSO
CHANGE LOG
       @BIGIP-9.0.0 --First introduced the command.



BIG-IP				  2017-01-31			      iRule(1)