Forms based authentication
With Forms based authentication, a logon form is presented to the end-user. This type of authentication form supports both multifactor (nFactor) authentication and Classic authentication.
Ensure the following for the Forms based authentication to work:
- The load balancing virtual server must have authentication turned ON.
- The ‘authenticationHost’ parameter must be specified; it names the host to which the user is redirected for authentication. The command for configuring it is as follows:
  set lb vs lb1 -authentication on -authenticationhost aaavs-ip/fqdn
- Forms based authentication is compatible with browsers that support HTML.
The following steps walk through how the Forms based authentication works:
- The client (browser) sends a GET request for a URL on the TM (load balancing/CS) virtual server.
- The TM virtual server determines that the client has not been authenticated, and sends an HTTP 302 response to the client. The response contains a hidden script that causes the client to issue a GET request for /cgi/tm to the authentication virtual server.
- The client sends GET /cgi/tm containing the target URL to the authentication virtual server.
- The authentication virtual server sends out a redirect to the login page.
- The user sends credentials to the authentication virtual server with a POST /doAuthentication.do. Authentication is done by the authentication virtual server.
- If the credentials are correct, the authentication virtual server sends an HTTP 302 response to the cgi/selfauth URL on the load balancing server with a one-time token (OTP).
- The load balancing server sends HTTP 302 to the client.
- The client sends a GET request for its initial target URL along with a 32 byte cookie.
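The steps above can be checked against a recorded request trace (for example, one exported from a proxy or browser) to confirm that a protected URL really passes through every hop before it is served. The following is an added example, not code from the product or its documentation; the host names, the /cgi/tm query string, the login page path, the token and cookie values, and the reading of "32 byte cookie" as a 32-byte cookie value are all assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed hosts and trace for illustration, not captured from an appliance.
# Assumptions: the /cgi/tm query string, login page path, token and cookie values.
LB, AAA, TARGET = "lb1.example.test", "aaa.example.test", "/app/home"
TRACE = [
    {"method": "GET", "url": f"https://{LB}{TARGET}", "status": 302, "cookie": ""},
    {"method": "GET", "url": f"https://{AAA}/cgi/tm?target={TARGET}", "status": 302, "cookie": ""},
    {"method": "GET", "url": f"https://{AAA}/login-page", "status": 200, "cookie": ""},
    {"method": "POST", "url": f"https://{AAA}/doAuthentication.do", "status": 302, "cookie": ""},
    {"method": "GET", "url": f"https://{LB}/cgi/selfauth?token=constructed", "status": 302, "cookie": ""},
    {"method": "GET", "url": f"https://{LB}{TARGET}", "status": 200, "cookie": "a" * 32},
]

def _hit(req, method, host, path):
    """True if the request uses this method against host and a path under `path`."""
    url = urlsplit(req["url"])
    return req["method"] == method and url.hostname == host and url.path.startswith(path)

def expected_steps(lb, aaa, target):
    """Ordered (label, predicate) pairs for the hops the page describes."""
    return [
        ("unauthenticated GET answered with 302",
         lambda r: _hit(r, "GET", lb, target) and r["status"] == 302),
        ("GET /cgi/tm on authentication vserver, redirected to login page",
         lambda r: _hit(r, "GET", aaa, "/cgi/tm") and 300 <= r["status"] < 400),
        ("POST /doAuthentication.do on authentication vserver answered with 302",
         lambda r: _hit(r, "POST", aaa, "/doAuthentication.do") and r["status"] == 302),
        ("cgi/selfauth on load balancing vserver answered with 302",
         lambda r: _hit(r, "GET", lb, "/cgi/selfauth") and r["status"] == 302),
        # Assumption: "32 byte cookie" is read as a 32-byte cookie value.
        ("target requested with 32-byte cookie",
         lambda r: _hit(r, "GET", lb, target) and len(r["cookie"].encode()) == 32),
    ]

def missing_steps(trace, lb, aaa, target):
    """Walk the trace in order; return labels of expected hops never reached."""
    steps, i = expected_steps(lb, aaa, target), 0
    for req in trace:
        if i < len(steps) and steps[i][1](req):
            i += 1
    return [label for label, _ in steps[i:]]

def served_without_session(trace, lb, target):
    """Requests where the target answered 200 with no cookie (authentication not enforced)."""
    return [r for r in trace
            if _hit(r, "GET", lb, target) and r["status"] == 200 and not r["cookie"]]

if __name__ == "__main__":
    print(missing_steps(TRACE, LB, AAA, TARGET), served_without_session(TRACE, LB, TARGET))
```

A non-empty result from `served_without_session` is the case to investigate first: it means the load balancing virtual server returned the protected content without sending the client to the authentication virtual server.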