ltm rule command ACCESS ephemeral-auth

iRule(1)					  BIG-IP TMSH Manual					     iRule(1)

ACCESS::ephemeral-auth
       Ephemeral auth related iRule

SYNOPSIS
       ACCESS::ephemeral-auth create ('-user' USER) ('-auth_cfg' AUTH_CONFIG)? ('-sid' SESSION_ID)?

       ACCESS::ephemeral-auth verify ('-user' USER) ('-password' PASSWORD) ('-protocol' EPHEMERAL_AUTH_PROTOCOL)

DESCRIPTION
       Ephemeral auth related iRule

       This command either creates or verifies a temporary password for ephemeral authentication.

       ACCESS::ephemeral-auth create [] creates a temporary password and returns its value. When auth_cfg is not
       given, the command uses the one deduced from the access-config that is associated with the virtual server.
       When sid is not given, it uses the one retrieved from the current access environment.

       ACCESS::ephemeral-auth verify [] verifies the user credentials and returns the session id that was used to
       generate the temporary password.

RETURN VALUE
       ACCESS::ephemeral-auth create [] will return the generated temporary password.  ACCESS::ephemeral-auth verify
       [] will return the session id.

VALID DURING
EXAMPLES
	# Test 1: create a temporary password with an explicit auth config and
	# session id, then verify it and log the session id that verify returns.
	proc ephemeral_auth_test1 {} {
	    set user "jdoe"
	    set passwd [ ACCESS::ephemeral-auth create -user $user -auth_cfg "/Common/auth1" -sid "123456789" ]
	    # Test only: this writes the temporary password to the log.
	    log local0. "passwd created $user $passwd"
	    set sid [ ACCESS::ephemeral-auth verify -user $user -password $passwd -protocol radius ]
	    log local0. "verify $user $passwd $sid"
	}

	when HTTP_REQUEST {
	    if { [ HTTP::path ] starts_with "/test1" } {
		call ephemeral_auth_test1
		HTTP::respond 200 -content "test1\n"
	    }
	}

	# Test 2: omit -sid so the session id is taken from the current access
	# environment.
	proc ephemeral_auth_test2 {} {
	    set user "jsmith"
	    set passwd [ ACCESS::ephemeral-auth create -user $user -auth_cfg "/Common/auth1" ]
	    # Test only: this writes the temporary password to the log.
	    log local0. "passwd created $user $passwd"
	    set sid [ ACCESS::ephemeral-auth verify -user $user -password $passwd -protocol radius ]
	    log local0. "verify $user $passwd $sid"
	}

	when ACCESS_SESSION_STARTED {
	    if { [ HTTP::path ] starts_with "/test2" } {
		log local0. "session id: [ ACCESS::session sid ]"
		call ephemeral_auth_test2
		ACCESS::respond 200 -content "test2\n"
	    }
	}
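
	Added example, not part of the F5 manual: the same create/verify round trip as ephemeral_auth_test2, but
	logging only the outcome instead of the temporary password and checking that the session id returned by
	verify is the current session's. The proc name, the /test3 path and the failure handling (a Tcl error or an
	empty return value) are assumptions; the manual does not describe how failures are reported.

```tcl
# Added example, not from the F5 manual. Proc name and /test3 path are hypothetical.
# Assumption: a failed create or verify either raises a Tcl error or returns
# an empty string; the manual does not say which, so both are handled.
proc ephemeral_auth_roundtrip { user auth_cfg } {
    # No -sid: per DESCRIPTION, the sid of the current access environment is used.
    if { [catch { ACCESS::ephemeral-auth create -user $user -auth_cfg $auth_cfg } passwd] || $passwd eq "" } {
        log local0. "ephemeral-auth create failed for $user"
        return 0
    }
    # Record the event only; the password value is never written to the log.
    log local0. "ephemeral password issued for $user"

    if { [catch { ACCESS::ephemeral-auth verify -user $user -password $passwd -protocol radius } sid] || $sid eq "" } {
        log local0. "ephemeral-auth verify failed for $user"
        return 0
    }
    # verify returns the session id the password was generated under; it
    # should be the session this request belongs to.
    if { $sid ne [ ACCESS::session sid ] } {
        log local0. "ephemeral-auth verify for $user returned an unexpected session id"
        return 0
    }
    log local0. "ephemeral-auth verify ok for $user (session $sid)"
    return 1
}

when ACCESS_SESSION_STARTED {
    if { [ HTTP::path ] starts_with "/test3" } {
        if { [ call ephemeral_auth_roundtrip "jsmith" "/Common/auth1" ] } {
            ACCESS::respond 200 -content "test3 ok\n"
        } else {
            ACCESS::respond 500 -content "test3 failed\n"
        }
    }
}
```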

HINTS
SEE ALSO
CHANGE LOG
       @BIGIP-15.1.0 --First introduced the command.

BIG-IP						      2020-06-23					     iRule(1)