Because the subsequent requests refer to the variable, you will not have to set the token in the header of the following requests.Ĭlick the Step 4: Set Authentication Token Timeout item in the Lab 1.2 Postman folder. Update the value for bigip_a_auth_token by Pasting ( Ctrl + V) in your auth token:Ĭlick the Update button and then close the Manage Environments window. Click the Environment menu in the top right of the Postman window and click Manage Environments:Ĭlick the F5 Programmability: Class 1 item: We will now update your Postman environment to use this auth token for the remainder of the lab. If your request is successful, you should see a 200 OK status and a listing of the ltm Organizing Collection. This header is required to be sent on all requests when using token-based authentication.Ĭlick the Send button. Click the Headers tab and paste the token value copied above as the VALUE for the X-F5-Auth-Token header. Find the token attribute and copy it into your clipboard ( Ctrl + C) for use in the next step.Ĭlick the Step 3: Verify Authentication Works item in the Lab 1.2 Postman collection. The various attributes show the parameters assigned to the particular token. Once you receive a 200 OK status code, examine the Response Body. If the status code is 401 then check your credentials: If authentication succeeded and a token was generated, the response will have a 200 OK status code. Then click the Send button.Įxamine the response status code. Modify the JSON Body and add the required credentials Notice that we send a POST request to the /mgmt/shared/authn/login endpoint.Ĭlick the Body tab and examine the JSON that we will send to BIG-IP to provide credentials and the authentication provider: Send the request again and examine the response:Ĭheck the Test Results tab and notice that our Unit Tests for this request are now failing (as expected):įor more information about external authentication providers see the section titled About external authentication providers with iControl REST in the iControl REST API User Guide available at (v13)Ĭlick the Step 2: Retrieve Authentication Token item in the Lab 1.2 Update the credentials and specify an INCORRECT password. This is because Postman automatically created the HTTP header and updated your request to include it.Ĭlick the Body tab, if the request succeeded you should be presented with a listing of the /mgmt/tm/ltm Organizing Collection:Ĭlick the Test Results tab and ensure all the tests for this request have passed: Notice that the number of Headers in the Headers tab changed from 1 to 9. Fill in the username and password ( admin/Agility2020!) and click the Send button:Ĭlick the Headers tab and examine the HTTP header. Click the Authorization tab and select Basic Auth as the Type. Perform the following steps to complete this task:Ĭlick the Collections tab on the left side of the screen, expand the F5 Programmability: Class 1 collection on the left side of the screen, expand the Lab 1.2 - API Authentication & `example` Templates folder:Ĭlick the Step 1: HTTP BASIC Authentication item. TRIVIAL as a result, API calls should always be performed using HTTPS encryption (F5 default) with a certificate signed by authority rather than HTTP. It should be noted that cracking this method of authentication is The mechanism this method uses is to insert an HTTP header named Authorization with a value that is built by Base 64 encoding the string. As its name implies, this method ofĪuthentication encodes the user credentials via the existing BASICĪuthentication method provided by the HTTP protocol. In this task, we will use the Postman client to send API requests using Paste the following URL into the text box and click Import To import a Postman Collection, click the Import button in the top left of the Postman windowĬlick the Import from Link tab. This Postman collection can then be shared and imported. Verify your client is configured to allow self-signed certificates byĮnsuring that the SSL certificate verification setting is set to OFFĬlick the X in the top right of the Settings windowĪ Postman Collection lets you group individual REST requests. Open the Postman Settings windows by clicking File > Settings: To allow connections with self-signed certificates, we need to modify the default settings of Postman. However, by default, BIG-IP and many other devices use a self-signed certificate for SSL/TLS connections. Prompted to update the client please click the Remind me later button to skip updating the version installed in your lab environmentīy default, the Postman client requires verification of SSL/TLS Certificates to a public Root Certificate Authority. The Postman client receives frequent updates.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |