Manual Chapter : About OAuth Logon

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 15.0.0
Manual Chapter

About OAuth Logon

The OAuth logon page action prompts for a user name and password, or other identifying information. This action creates a logon page in a per-session policy (or in a per-request policy subroutine), and is typically added before the authentication action that checks the credentials provided on the logon page. The logon page action provides customizable fields and enables localization.
The OAuth logon page action provides these configuration options and elements.
When configured in a per-request subroutine, some screen elements and options described here might not be available.
Split domain from full username
Specifies
Yes
or
No
.
  • Yes
    - specifies that when a username and domain combination is submitted (for example,
    marketing\jsmith
    or
    jsmith@marketing.example.com
    ), only the username portion (in this example,
    jsmith
    ) is stored in the session variable
    session.logon.last.username
    .
  • No
    - specifies that the entire username string is stored in the session variable.
CAPTCHA configuration
Specifies a CAPTCHA configuration to present for added CAPTCHA security on the logon page.
Type
Specifies the type of logon page input field:
text
,
password
,
select
,
checkbox
, or
none
.
  • text
    Displays a text field, and shows the text that is typed in that field.
  • password
    Displays an input field, but displays the typed text input as asterisks.
  • select
    Displays a list. The list is populated with values that are configured for this field.
  • checkbox
    Displays a check box.
  • radio
    Displays radio buttons; users select among buttons labeled with values that they configure for this field.
  • none
    Specifies that the field is not displayed on the logon page.
Post Variable Name
Specifies the variable name that is prepended to the data typed in the text field. For example, the POST variable
username
sends the user name input
omaas
as the POST string
username=omaas
.
Session Variable Name (or Subsession Variable Name)
Specifies the session variable name that the server uses to store the data typed in the text field. For example, the session variable
username
stores the username input
omaas
as the session variable string
session.logon.last.username=omaas
.
A per-request policy subroutine uses subsession variables in place of session variables.
Clean Variable
Specifies whether to clear any value from the variable before presenting the logon page to the user; to clean the variable, select
Yes
. Defaults to
No
.
Values
Specifies values for use for a
select
or
radio
type logon page input field. To configure values, click the field. A popup window opens where users can specify values and any text that they want to display in place of a value.
Read Only
Specifies whether the logon page agent is read-only, and always used in the logon process as specified. You can use
Read Only
to add logon POST variables or session variables that you want to submit from the logon page for every session that uses this access policy, or to populate a field with a value from a session variable. For example, you can use the On-Demand Certificate agent to extract the
CN
(typically the user name) field from a certificate, then you can assign that variable to
session.logon.last.username
. In the logon page action, you can specify
session.logon.last.username
as the session variable for a read only logon page field that you configure. When Access Policy Manager displays the logon page, this field is populated with the information from the certificate
CN
field (typically the user name).
Additionally, customization options specify text and an image to display on the screen.
Import
Click
Import
to import a previously exported logon customization file.
Language
Specifies the language to use to customize this logon page. Selecting a language causes the content in the remaining fields to display in the selected language.
Languages on the list reflect those that are configured in the access profile.
Form Header Text
Specifies the text that appears at the top of the logon box.
Logon Page Input Field #
number
Specifies the text to display for each input field (number 1 through 4) that is defined in the Logon Page Agent area with
Type
set to other than
none
.
Input Field #
number
Values
Specifies values that are used to label radio buttons (for the radio type of logon page input field) or values to include on a list (for the select type of logon page input field).
Logon Button
Specifies the text that appears on the logon button, which a user clicks to post the defined logon agents.
Front Image
Specifies an image file to display on the logon page. The
Replace Image
link enables customization and the
Revert to Default Image
discards any customization and use the default logon page image.
Save Password Check Box
Specifies the text that appears adjacent to the check box that allows users to save their passwords in the logon form. This field is used only in the secure access client, and not in the web client.
New Password Prompt
Specifies the prompt displayed when a new Active Directory password is requested.
Verify Password Prompt
Specifies the prompt displayed to confirm the new password when a new Active Directory password is requested.
Password and Password Verification do not Match
Specifies the warning that the user sees when the passwords typed in the
New Password Prompt
and
Verify Password Prompt
boxes do not match.
Don't Change Password
Specifies the prompt displayed when a user should not change password.
Change Password
Specifies the message that is displayed to the user when they need to change the password.
Logon Page Original URL
Specifies the text to display in a link for a user who is already logged on.
Yes
Specifies a possible response to a logon page query or challenge.
No
Specifies a possible response to a logon page query or challenge.