apm aaa http
apm aaa http(1) BIG-IP TMSH Manual apm aaa http(1)
NAME
http - Specify an http server configuration used for authentication.
MODULE
apm aaa
SYNTAX
Configure the http component within the aaa module using the syntax shown in the following sections.
CREATE/MODIFY
create http [name]
modify http [name]
options:
app-service [[string] | none]
auth-type [form-based | basic-ntlm | custom-post]
content-type [xml-utf8 | url-encoded-utf8 | none]
custom-body [[string] | none]
description [[string] | none]
follow-redirect [integer]
form-action [[string] | none]
form-fields [[string] | none]
form-method [get | post]
form-params [[string] | none]
form-password [[string] | none]
form-username [[string] | none]
headers [add | delete | modify | replace-all-with | none] {
[name] {
app-service [[string] | none]
hname [[string] | none]
hvalue [[string] | none]
}
}
location-specific [true | false]
start-uri [[string] | none]
success-match-type [url | cookie | string | exact-cookie]
success-match-value [[string] | none]
edit http [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
DISPLAY
list http
list http [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
app-service
non-default-properties
one-line
partition
DELETE
delete http [name]
DESCRIPTION
You can use the http component to create and manage AAA HTTP servers.
EXAMPLES
create http myHttpServer { start-uri "http://mycompany.com/" auth-type basic-ntlm }
Creates an HTTP authentication server named "myHttpServer" with a starting URI of http://mycompany.com.
delete http myHttpServer
Deletes the myHttpServer AAA HTTP server.
OPTIONS
app-service
Specifies the name of the application service to which the object belongs. The default value is none.
Note: If the strict-updates option is enabled on the application service that owns the object, you cannot
modify or delete the object. Only the application service can modify or delete the object.
auth-type
Specifies the type of authentication you want to use.
form-based
Specifies the authentication type to be form-based.
basic-ntlm
Specifies the authentication type to be basic-ntlm.
custom-post
Specifies the authentication type to be custom-post.
content-type
Specifies the encoding (xml-utf8, url-encoded-utf8, or none) for an HTTP custom post. If you specify
'none', you must use the headers option to add a custom header. In addition to specifying a custom
header, you must apply your own encoding through an iRule.
custom-body
Specifies the body for a HTTP Custom Post.
description
Specifies a unique description for the server. The default is none.
follow-redirect
Specifies the number of pages away from the landing page the request should travel before failing.
form-action
Specifies the complete destination URL to process the form using HTTP form-based authentication. This is
optional. If you do not specify a form action, then Access Policy Manager will use the URI from the
request to perform HTTP form-based authentication.
form-fields
Specifies the hidden form parameters that are required by the authentication server logon form at your
location. The default is none. Specify a parameter name, a space, and the parameter value, if any.
Multiple parameters can be configured with each "name value" pair in one line. Use edit to add multiple
parameters. Please note that create and modify do not allow using new line on the terminal.
form-method
Specifies the form method you want to use for the form-based HTTP authentication. The value is either Get
or POST. The default is POST. However, if you specify GET, the Access Policy Manager will force the
authentication using HTTP GET rather than perform authentication using form-based POST.
form-password
Specifies the parameter names used by the form you are sending the POST request to.
form-username
Specifies the parameter names used by the form you are sending the POST request to.
headers
Specifies the name and value of the header content to be inserted in an HTTP Post. The options are:
app-service
Specifies the name of the application service to which the HTTP header belongs. The default value is
none. Note: If the strict-updates option is enabled on the application service that owns the object,
you cannot modify or delete the HTTP header. Only the application service can modify or delete the
HTTP header.
hname
The name of the HTTP header.
hvalue
The value of the HTTP header.
location-specific
Specifies whether or not this object contains one or more attributes with values that are specific to the
location where the BIG-IP device resides. The location-specific attribute is either true or false. When
using policy sync, mark an object as location-specific to prevent errors that can occur when policies
reference objects, such as authentication servers, that are specific to a certain location.
[name]
Specifies the name of the aaa http server. This option is required.
partition
Displays the partition within which the component resides. The default is Common.
start-uri
Specifies a URL resource, for example, http://plum.tree.lab2.sp.companynet.com/. This resource must
respond with a challenge to a non-authenticated request.
success-match-type
Specifies the method your authentication server uses and determines the option definition used for this
field. The field toggles according to your selection.
cookie
Specifies any string in cookie is required.
exact-cookie
Specifies key fields in cookie is required.
string
Specifies a specific string is required.
url Specifies a URL is required.
success-match-value
Specifies the URL, any string in cookie, exact cookie or specific string used for the specific success
match type you see.
SEE ALSO
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying, recording, or information storage and retrieval systems, for any purpose
other than the purchaser's personal use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2011-2013, 2015-2016. All rights reserved.
BIG-IP 2016-03-14 apm aaa http(1)