Rules for HTML forms-based authentication

Add rules to define an HTML forms login policy named mpgw-form for HTML forms-based authentication.

You create the mpgw-form policy as part of the process of defining a multi-protocol gateway. See Integrating with DataPower as a security gateway and reverse proxy, Table 1.

Table 1. HTTP Form-Based Login properties
Property Value
Policy Name mpgw-form
Order of configured rules
  1. mpgw-form_rule_0: see Table 2
  2. mpgw-form_rule_1: see Table 3
  3. mpgw-form_rule_2: see Table 4
  4. mpgw-form_rule_3: see Table 5
  5. mpgw-form_rule_6: see Table 6

Table 2. Properties of mpgw-form_rule_0. This rule skips back-side processing for requests for the icon that is associated with the website or the web page.
Property Value
Direction Client to Server or Both Directions.
Match
  • Type = URL
  • Pattern = /favicon.ico
Advanced "Set Variable" -> var://service/mpgw/skip-backside = 1
Result Not applicable.

Table 3. Properties of mpgw-form_rule_1. This rule verifies an LTPA token if it exists in the HTTP request.
Property Value
Direction Client to Server.
Match
  • Type = HTTP
  • HTTP header tag = Cookie
  • HTTP value match = *LtpaToken*
AAA VerifyLTPA
  • Output: NULL
Result Not applicable.

Table 4. Properties of mpgw-form_rule_2. This rule generates the HTML form login page.
Property Value
Direction Client to Server.
Match
  • Match with PCRE = on
  • Type = URL
  • Pattern = /(Login|Error)Page\.htm(l)?(\?originalUrl=.*)?
Transform Provide a custom stylesheet that builds either a Login or Error HTML page. For a sample stylesheet, see Sample form login stylesheet.
Note: The HTML Login Form policy allows you to specify whether you retrieve the login and error pages from DataPower or from the back-end application server.
Advanced Select the set-var action, specify the service variable var://service/routing-url, and set its value to the endpoint of your login page.
Result Not applicable.

Table 5. Properties of mpgw-form_rule_3. This rule handles end-user authentication if an LTPA token does not exist.
Property Value
Direction Client to Server.
Match
  • Type = URL
  • Pattern = *
Advanced "Convert Query Parameter to XML". Accept default values for other selections.
AAA Form2LTPA

Table 6. Properties of mpgw-form_rule_6. This rule handles both the redirect and content-type reset on the response side.
Property Value
Direction Server to Client.
Match
  • Type = URL
  • Pattern = *
Filter Provide a custom stylesheet that handles redirect and content-type rewrite. For a sample redirect stylesheet, see Sample redirect stylesheet.
  • Output: NULL
Result Not applicable.
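
How the four request-side rules in Tables 2 to 5 select an action for a given request, as an added example that is not IBM's code. It assumes first-match-wins evaluation in the configured order, glob semantics for URL and header matches, and whole-URL PCRE matching; `REQUEST_RULES`, `select_rule` and the sample requests are constructed for illustration.

```python
import re
from fnmatch import fnmatchcase

# Constructed model of the request-side rules in Tables 2-5, in configured order.
# Each entry: (rule name, match kind, pattern, main action).
REQUEST_RULES = [
    ("mpgw-form_rule_0", "url", "/favicon.ico", "skip-backside"),
    ("mpgw-form_rule_1", "cookie", "*LtpaToken*", "AAA VerifyLTPA"),
    ("mpgw-form_rule_2", "pcre",
     r"/(Login|Error)Page\.htm(l)?(\?originalUrl=.*)?", "Transform login/error page"),
    ("mpgw-form_rule_3", "url", "*", "AAA Form2LTPA"),
]

def select_rule(url, headers):
    """Return (rule name, action) of the first request rule that matches.

    Assumptions: rules are tried in the configured order and the first
    match wins; URL and header patterns are shell-style globs; the PCRE
    pattern must match the whole URL, query string included.
    """
    cookie = headers.get("Cookie", "")
    for name, kind, pattern, action in REQUEST_RULES:
        if kind == "url" and fnmatchcase(url, pattern):
            return name, action
        if kind == "cookie" and "Cookie" in headers and fnmatchcase(cookie, pattern):
            return name, action
        if kind == "pcre" and re.fullmatch(pattern, url):
            return name, action
    return None, None

# Constructed sample requests: (URL, request headers).
SAMPLES = [
    ("/favicon.ico", {}),
    ("/app/home", {"Cookie": "LtpaToken2=AAAA"}),
    ("/LoginPage.html?originalUrl=/app/home", {}),
    ("/LoginPage.html", {"Cookie": "LtpaToken2=AAAA"}),
    ("/app/home", {"Cookie": "theme=dark"}),
    ("/app/home", {}),
]

if __name__ == "__main__":
    for url, headers in SAMPLES:
        cookie = headers.get("Cookie", "-")
        print(f"{url:40} {cookie:18} -> {select_rule(url, headers)}")
```

Under these assumptions, any Cookie header that contains the string LtpaToken selects mpgw-form_rule_1, even for the login page URL, so whether the token is actually valid is decided by the VerifyLTPA AAA policy and not by the match.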