ltm rule command ACCESS ephemeral-auth
iRule(1) BIG-IP TMSH Manual iRule(1)
ACCESS::ephemeral-auth
Ephemeral auth related iRule
SYNOPSIS
ACCESS::ephemeral-auth create ('-user' USER) ('-auth_cfg' AUTH_CONFIG)? ('-sid' SESSION_ID)?
ACCESS::ephemeral-auth verify ('-user' USER) ('-password' PASSWORD) ('-protocol' EPHEMERAL_AUTH_PROTOCOL)
DESCRIPTION
Ephemeral auth related iRule
This command can be used either to create or verify a temporary password for ephemeral authentication.
ACCESS::ephemeral-auth create [] will create a temporary password and return its value. When auth_cfg is not
given, it will use the one deduced from access-config that is associated with the virtual server. When sid is
not given, it will use the one retrieved from the current access environment.
ACCESS::ephemeral-auth verify [] will verify the user credentials and return the session id that was used to
generate temporary password.
RETURN VALUE
ACCESS::ephemeral-auth create [] will return the generated temporary password. ACCESS::ephemeral-auth verify
[] will return the session id.
VALID DURING
EXAMPLES
proc ephemeral_auth_test1 {} {
set user "jdoe"
set passwd [ ACCESS::ephemeral-auth create -user $user -auth_cfg "/Common/auth1" -sid "123456789" ]
log local0. "passwd created $user $passwd"
set sid [ ACCESS::ephemeral-auth verify -user $user -password $passwd -protocol radius ]
log local0. "verify $user $passwd $sid"
}
when HTTP_REQUEST {
if { [ HTTP::path ] starts_with "/test1" } {
call ephemeral_auth_test1
HTTP::respond 200 -content "test1\n"
}
}
proc ephemeral_auth_test2 {} {
set user "jsmith"
set passwd [ ACCESS::ephemeral-auth create -user $user -auth_cfg "/Common/auth1" ]
log local0. "passwd created $user $passwd"
set sid [ ACCESS::ephemeral-auth verify -user $user -password $passwd -protocol radius ]
log local0. "verify $user $passwd $sid"
}
when ACCESS_SESSION_STARTED {
if { [ HTTP::path ] starts_with "/test2" } {
log local0. "session id: [ ACCESS::session sid ]"
call ephemeral_auth_test2
ACCESS::respond 200 -content "test2\n"
}
}
HINTS
SEE ALSO
CHANGE LOG
@BIGIP-15.1.0 --First introduced the command.
BIG-IP 2020-06-23 iRule(1)