Big-IP and ADFS Part 5 – “Working with ADFS 3.0 and SNI”
Published May 30, 2014
Version 1.0
I had a requirement where we needed to authenticate together with using SNI, so I ended up modifying the script to allow input of the username and password into the custom monitor variables. However, because this password is stored in plain text, I looked at encrypting it using the default RSA key on the F5.
Replace:
curl-apd -k -v --resolve $HOST:$PORT:$NODE https://$HOST$URI 2>&1 >
With:
encrypted_pass=$(openssl rsautl -inkey /config/httpd/conf/ssl.key/server.key -decrypt -in /home/sp2016mon.bin)
curl-apd -k -v -u "${USER}:${encrypted_pass}" --resolve $HOST:$PORT:$NODE https://$HOST$URI 2>&1 >
You will need to create an encrypted file using the below command from F5 ssh:
echo "password" | openssl rsautl -inkey /config/httpd/conf/ssl.key/server.key -encrypt >/home/sp2016mon.bin
After you have created the file, the monitor will then decrypt the password and log in using curl. If the default key pair on the F5 device ever expires or changes, you will need to rerun this command to re-create the file. If the password changes, you will also need to rerun this command to re-create the file.
When creating the monitor, use the "USER" variable to add your username.
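A pre-flight check for the procedure above, as an added example that is not part of the original comment: it reads the password from stdin instead of the command line, writes the encrypted file owner-only, and records a fingerprint of the key so a changed key pair is detected before the monitor starts failing. The function names and the `.keyfp` sidecar file are assumptions; the key and file paths are passed as arguments.

```shell
#!/bin/bash
# Added example. Function names and the ".keyfp" sidecar are hypothetical.
# Usage on the device (paths from the text above):
#   seal_cred  /config/httpd/conf/ssl.key/server.key /home/sp2016mon.bin
#   check_cred /config/httpd/conf/ssl.key/server.key /home/sp2016mon.bin

# SHA-256 over the public half of the key; changes when the key pair changes.
key_fp() {
    openssl rsa -in "$1" -pubout 2>/dev/null | openssl dgst -sha256 | awk '{print $NF}'
}

# Read the password from stdin (not from the command line, so it stays out
# of shell history), encrypt it the way the monitor decrypts it, and record
# which key sealed it. Both files are created owner-only.
seal_cred() {
    (
        umask 077
        rm -f "$2" "$2.keyfp"
        openssl rsautl -encrypt -inkey "$1" -out "$2" 2>/dev/null || exit 1
        key_fp "$1" > "$2.keyfp"
    )
}

# 0 = usable; 1 = missing, or sealed with a different key (re-create it);
# 2 = file is accessible to group or others.
check_cred() {
    [ -s "$2" ] && [ -s "$2.keyfp" ] || return 1
    [ "$(key_fp "$1")" = "$(cat "$2.keyfp")" ] || return 1
    [ "$(ls -ld "$2" | cut -c5-10)" = "------" ] || return 2
    return 0
}
```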