ltm rule command AUTH abort

iRule(1)					  BIG-IP TMSH Manual					     iRule(1)

AUTH::abort
       Cancels any outstanding auth operations in this authentication session.

SYNOPSIS
       AUTH::abort AUTH_ID

DESCRIPTION
       Cancels any outstanding auth operations in this authentication session, and generates an AUTH_FAILURE event if
       there was an outstanding authentication query in progress. This command invalidates the specified
       authentication session ID, which should be discarded upon calling this command.

       AUTH::abort authid

	    * Cancels any outstanding auth operations in this authentication
	      session, and generates an AUTH_FAILURE event if there was an
	      outstanding authentication query in progress. This command
	      invalidates the specified authentication session ID,
	      which should be discarded upon calling this command.

RETURN VALUE
VALID DURING
       HTTP_REQUEST, HTTP_REQUEST_DATA

EXAMPLES
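	This rule demonstrates one possible implementation of a 2-out-of-3
	authentication scheme. Three auth servers are contacted simultaneously,
	and the connection is permitted to proceed as soon as two of them report
	success. The success count is kept per client connection, so once the
	threshold is reached, later requests on the same connection are passed
	without being authenticated again.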

	when CLIENT_ACCEPTED {
	    # Per-connection state, initialised once when the client connects.
	    # Number of backend successes required before a request is released.
	    set auth_http_sufficient_successes 2
	    # Running count of backends that have reported success.
	    set auth_http_successes 0
	}
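	when HTTP_REQUEST {
	    # The threshold was already met on this connection: let the request
	    # through without contacting the auth servers again.
	    if {$auth_http_successes >= $auth_http_sufficient_successes} {
		return
	    }

	    # Start every attempt from zero. Without this reset, a success left
	    # over from an earlier attempt that ended in a 401 on this connection
	    # would still count towards the threshold of the current attempt, so
	    # the two required successes would not have to come from one set of
	    # credentials.
	    set auth_http_successes 0

	    # One auth session per backend, all given the credentials of this
	    # request. The session IDs are kept in auth_http_sids so that
	    # AUTH_RESULT can match results to backends and abort the leftovers.
	    # NOTE(review): HTTP::username / HTTP::password presumably come from
	    # the request's Basic Authorization header -- confirm the virtual
	    # server only accepts these requests over TLS.
	    set auth_backends {ldap default_ldap radius default_radius tacacs default_tacacs}
	    foreach {auth_type auth_profile} $auth_backends {
		set auth_sid [AUTH::start pam $auth_profile]
		set auth_http_sids($auth_type) $auth_sid
		AUTH::username_credential $auth_sid [HTTP::username]
		AUTH::password_credential $auth_sid [HTTP::password]
		AUTH::authenticate $auth_sid
	    }

	    # Hold the request; AUTH_RESULT calls HTTP::release once enough
	    # backends have reported success.
	    HTTP::collect
	    # Number of sessions whose result is still awaited (one per
	    # type/profile pair in auth_backends).
	    set auth_http_collect_count [expr {[llength $auth_backends] / 2}]
	}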
	when AUTH_RESULT {
	    # No session is being tracked any more, so this result is ignored.
	    if {![array size auth_http_sids]} {
		return
	    }
	    set auth_sid [AUTH::last_event_session_id]

	    # A status of 0 is counted as a success. The counter is only
	    # incremented when the status check passes (&& short-circuits), and
	    # the threshold is tested against the incremented value.
	    if {[AUTH::status] == 0 && [incr auth_http_successes] >= $auth_http_sufficient_successes} {
		# Enough backends agreed: drop every tracked session, cancel
		# the ones still known by ID, and let the held request go.
		foreach {pending_type pending_sid} [array get auth_http_sids] {
		    unset auth_http_sids($pending_type)
		    if {$pending_sid != -1} {
			AUTH::abort $pending_sid
		    }
		}
		set auth_http_collect_count 0
		HTTP::release
		return
	    }

	    # Threshold not reached yet: retire only the session that produced
	    # this result and account for it in the outstanding count.
	    foreach {done_type done_sid} [array get auth_http_sids] {
		if {$done_sid != $auth_sid} {
		    continue
		}
		unset auth_http_sids($done_type)
		AUTH::abort $done_sid
		# The last outstanding result arrived without reaching the
		# threshold, so the request is rejected.
		if {[incr auth_http_collect_count -1] == 0} {
		    HTTP::respond 401
		}
		break
	    }
	}

HINTS
SEE ALSO
CHANGE LOG
       @BIGIP-9.0.0 --First introduced the command.

BIG-IP						      2020-06-23					     iRule(1)