ltm rule event AUTH WANTCREDENTIAL
iRule(1) BIG-IP TMSH Manual iRule(1)
AUTH_WANTCREDENTIAL
Triggered when an authorization operation needs an additional credential (deprecated in 9.4).
DESCRIPTION
Note: Deprecated in 9.4. It will still work, but is being phased out. Use AUTH_RESULT instead in 9.4 and up.
Triggered when an authorization operation needs an additional credential. See also the description of the
AUTH::wantcredential_prompt command.
A default handler for this event is associated with each of the authentication profiles, and causes the system
to close the connection unless it can obtain the desired credential. Typically, this implies that the protocol
layer that provides the credential has also not yet obtained the credential, because the system did not enable
the necessary authentication protocol. Each of the authentication profiles contains appropriate default
handlers for its respective protocol.
Examples
when AUTH_WANTCREDENTIAL {
HTTP::respond 401 "WWW-Authenticate" "Basic realm=\"\""
}
when AUTH_FAILURE {
log local0. "Auth failed: Auth prompt was \"[AUTH::wantcredential_prompt $authid]\" Auth prompt style was \"[AUTH::wantcredential_prompt_style $authid]\""
}
HINTS
SEE ALSO
https://devcentral.f5.com/wiki/iRules.ClientAuthUsingHTMLForms.ashx - This iRule illustrates how to use HTML
Forms for client authentication. https://devcentral.f5.com/wiki/iRules.ClientAuthUsingHttpCookie.ashx - This
iRule illustrates how to use HTTP Cookies for client based authentcation.
https://devcentral.f5.com/wiki/iRules.ClientAuthUsingHttpCookie.ashx - The iRule implements a authenticated
HTTPS reverse proxy.
CHANGE LOG
@BIGIP-9.0.0 --First introduced the event. @BIGIP-9.4.0 --Deprecated in this version
BIG-IP 2020-06-23 iRule(1)