Manual Chapter: About OAuth Logon
Applies To:
BIG-IP APM
- 15.0.1, 15.0.0
About OAuth Logon
The OAuth logon page action prompts for a user name and password, or other
identifying information. This action creates a logon page in a per-session policy (or in a
per-request policy subroutine), and is typically added before the authentication action that
checks the credentials provided on the logon page. The logon page action provides customizable
fields and enables localization.
The OAuth logon page action provides these configuration options and
elements.
When configured in a per-request subroutine, some screen
elements and options described here might not be available.
- Split domain from full username
- Specifies Yes or No.
- Yes - specifies that when a username and domain combination is submitted (for example, marketing\jsmith or jsmith@marketing.example.com), only the username portion (in this example, jsmith) is stored in the session variable session.logon.last.username.
- No - specifies that the entire username string is stored in the session variable.
- CAPTCHA configuration
- Specifies a CAPTCHA configuration to present for added CAPTCHA security on the logon page.
- Type
- Specifies the type of logon page input field: text, password, select, checkbox, or none.
- text - Displays a text field, and shows the text that is typed in that field.
- password - Displays an input field, but displays the typed text input as asterisks.
- select - Displays a list. The list is populated with values that are configured for this field.
- checkbox - Displays a check box.
- radio - Displays radio buttons; users select among buttons labeled with values that they configure for this field.
- none - Specifies that the field is not displayed on the logon page.
- Post Variable Name
- Specifies the variable name that is prepended to the data typed in the text field. For example, the POST variable username sends the user name input omaas as the POST string username=omaas.
- Session Variable Name (or Subsession Variable Name)
- Specifies the session variable name that the server uses to store the data typed in the text field. For example, the session variable username stores the username input omaas as the session variable string session.logon.last.username=omaas. A per-request policy subroutine uses subsession variables in place of session variables.
- Clean Variable
- Specifies whether to clear any value from the variable before presenting the logon page to the user; to clean the variable, select Yes. Defaults to No.
- Values
- Specifies values for use for a select or radio type logon page input field. To configure values, click the field. A popup window opens where users can specify values and any text that they want to display in place of a value.
- Read Only
- Specifies whether the logon page agent is read-only, and always used in the logon process as specified. You can use Read Only to add logon POST variables or session variables that you want to submit from the logon page for every session that uses this access policy, or to populate a field with a value from a session variable. For example, you can use the On-Demand Certificate agent to extract the CN (typically the user name) field from a certificate, then you can assign that variable to session.logon.last.username. In the logon page action, you can specify session.logon.last.username as the session variable for a read-only logon page field that you configure. When Access Policy Manager displays the logon page, this field is populated with the information from the certificate CN field (typically the user name).
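Added example (not F5 code and not part of the original manual): a Python model of the Split domain from full username option described above. It also groups logon strings that become indistinguishable once only the username portion is stored in session.logon.last.username. The parsing rules, helper names and sample identities are assumptions made for illustration; this page does not specify APM's exact parsing.

```python
from collections import defaultdict

SESSION_VAR = "session.logon.last.username"  # variable named on the page


def split_domain(logon_name: str) -> str:
    """Return the username portion of DOMAIN\\user or user@domain input.

    Assumption: the first backslash ends a domain prefix and the last '@'
    starts a domain suffix; the page only gives the two example forms.
    """
    name = logon_name.strip()
    if "\\" in name:
        name = name.split("\\", 1)[1]
    if "@" in name:
        name = name.rsplit("@", 1)[0]
    return name


def stored_username(logon_name: str, split: bool) -> dict:
    """Model the stored value for Split domain = Yes (True) or No (False)."""
    value = split_domain(logon_name) if split else logon_name
    return {SESSION_VAR: value}


def find_collisions(logon_names):
    """Group distinct submitted strings that collapse to one stored username.

    Assumption: names are compared case-insensitively.
    """
    groups = defaultdict(set)
    for raw in logon_names:
        groups[split_domain(raw).lower()].add(raw.strip().lower())
    return {user: sorted(ids) for user, ids in groups.items() if len(ids) > 1}


# Constructed sample identities (not from a real directory).
SAMPLE = [
    "marketing\\jsmith",
    "jsmith@marketing.example.com",
    "sales\\jsmith",
    "omaas",
    "omaas@marketing.example.com",
]

if __name__ == "__main__":
    for name in SAMPLE:
        print(name, "->", stored_username(name, split=True)[SESSION_VAR])
    print(find_collisions(SAMPLE))
```

A group that mixes different domains (here marketing and sales for jsmith) means later policy items that read session.logon.last.username cannot tell those accounts apart when the option is set to Yes.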
Additionally, customization options specify text and an image to display on
the screen.
- Import
- Click Import to import a previously exported logon customization file.
- Language
- Specifies the language to use to customize this logon page. Selecting a language causes the content in the remaining fields to display in the selected language. Languages on the list reflect those that are configured in the access profile.
- Form Header Text
- Specifies the text that appears at the top of the logon box.
- Logon Page Input Field #number
- Specifies the text to display for each input field (number 1 through 4) that is defined in the Logon Page Agent area with Type set to other than none.
- Input Field #number Values
- Specifies values that are used to label radio buttons (for the radio type of logon page input field) or values to include on a list (for the select type of logon page input field).
- Logon Button
- Specifies the text that appears on the logon button, which a user clicks to post the defined logon agents.
- Front Image
- Specifies an image file to display on the logon page. The Replace Image link enables customization, and the Revert to Default Image link discards any customization and uses the default logon page image.
- Save Password Check Box
- Specifies the text that appears adjacent to the check box that allows users to save their passwords in the logon form. This field is used only in the secure access client, and not in the web client.
- New Password Prompt
- Specifies the prompt displayed when a new Active Directory password is requested.
- Verify Password Prompt
- Specifies the prompt displayed to confirm the new password when a new Active Directory password is requested.
- Password and Password Verification do not Match
- Specifies the warning that the user sees when the passwords typed in the New Password Prompt and Verify Password Prompt boxes do not match.
- Don't Change Password
- Specifies the prompt displayed when a user should not change the password.
- Change Password
- Specifies the message that is displayed to the user when they need to change the password.
- Logon Page Original URL
- Specifies the text to display in a link for a user who is already logged on.
- Yes
- Specifies a possible response to a logon page query or challenge.
- No
- Specifies a possible response to a logon page query or challenge.