Fortinet black logo

Script Reference Guide

Home FortiADC 7.2.4 Script Reference Guide
7.2.4
7.4.3
7.4.2
7.4.1
7.4.0
7.2.4
7.2.0
6.2.0
5.4.1
5.4.0
5.3.0

Authentication commands

Authentication commands

Authentication (AUTH) commands contain functions related to authentication and login:

AUTH:get_baked_cookie() — Allows you to retrieve the baked cookie.

AUTH:set_baked_cookie(cookie) — Allows you to customize the cookie attribute of the baked cookie.

AUTH:on_off() — Returns whether authentication is required or not.

AUTH:success() — Returns whether authentication is successful or not.

AUTH:form_based() — Returns whether the authentication is HTTP form based or not.

AUTH:user() — Returns the user name in the authentication.

AUTH:pass() — Returns the password in the authentication.

AUTH:usergroup() — Returns the usergroup which the user belong to.

AUTH:realm() — Returns the realm in the authentication.

AUTH:host() — Returns the host in the authentication.

AUTH:set_usergroup() — Sets a new user group that is configured in the current authentication policy.

AUTH:get_baked_cookie()

Allows you to retrieve the baked cookie.

Syntax

AUTH:get_baked_cookie();

Arguments

N/A

Example

when COOKIE_BAKE {
cookie = AUTH:get_baked_cookie()
debug(“Get cookie: %s\r\n”, cookie)
}
Result:
Get cookie: Set-Cookie: FortiADCauthSI=lfGnC2gsl7xsbAg4JFs94e4CJfFXaP3U5z6QHvo7n08cCoT5MdtQog2LmcizPo3aRiBHY/RThhocqG+DdnvsCLFJh3nBUoLeuYjGK9lY5L4=|W86hXGg; expires=Tue 23 Oct 2018 04:19:45 GMT; domain=10.1.0.99; path=/

FortiADC version: V5.2

Used in events: AUTH_RESULT

AUTH:set_baked_cookie(cookie)

Allows you to customize the cookie attribute of the baked cookie.

Syntax

AUTH:set_baked_cookie(cookie);

Arguments
Name Description

cookie

A string which specifies the baked cookie.
Example

when COOKIE_BAED {
cookie = AUTH:get_baked_cookie()
new_cookie = cookie..”; Mick-Test:123444444”
status = AUTH:set_baked_cookie(new_cookie)
debug(“Set baked cookie, status: %s\n”, status)
}
Result:
Set baked cookie, status: true

FortiADC version: V5.2

Used in events: AUTH_RESULT

AUTH:on_off()

Returns whether authentication is required or not.

Syntax

AUTH:on_off();

Arguments

N/A

Example

when AUTH_RESULT {
on_off = AUTH:on_off()
succ = AUTH:success()
fm = AUTH:form_based()
user = AUTH:user()
pass = AUTH:pass()
userg = AUTH:usergroup()
realm = AUTH:realm()
host = AUTH:host()
debug(“authentication form based %s, on_off %s, success %s, the user %s, pass %s, realm %s, the usergroup %s, host %s\n”, fm, on_off, succ, the user, pass, realm, the userg, host)
}
Result:
authentication form based true, on_off true, success true, the user test, pass test, realm Form333333, the userg test, host 10.1.0.99

FortiADC version: V5.2

Used in events: AUTH_RESULT / HTTP_REQUEST / HTTP_DATA_REQUEST / HTTP_RESPONSE / HTTP_DATA_RESPONSE

AUTH:success()

Returns whether authentication is successful or not.

Syntax

AUTH:success();

Arguments

N/A

Example

Please refer to command AUTH:on_off() example.

FortiADC version: V5.2

Used in events: AUTH_RESULT / HTTP_REQUEST / HTTP_DATA_REQUEST / HTTP_RESPONSE / HTTP_DATA_RESPONSE

AUTH:form_based()

Returns whether the authentication is HTTP form based or not.

Syntax

AUTH:form_based();

Arguments

N/A

Example

Please refer to command AUTH:on_off() example.

FortiADC version: V5.2

Used in events: AUTH_RESULT / HTTP_REQUEST / HTTP_DATA_REQUEST / HTTP_RESPONSE / HTTP_DATA_RESPONSE

AUTH:user()

Returns the user name in the authentication.

Syntax

AUTH:user();

Arguments

N/A

Example

Please refer to command AUTH:on_off() example.

FortiADC version: V5.2

Used in events: AUTH_RESULT / HTTP_REQUEST / HTTP_DATA_REQUEST / HTTP_RESPONSE / HTTP_DATA_RESPONSE

AUTH:pass()

Returns the password in the authentication.

Syntax

AUTH:pass();

Arguments

N/A

Example

Please refer to command AUTH:on_off() example.

FortiADC version: V5.2

Used in events: AUTH_RESULT / HTTP_REQUEST / HTTP_DATA_REQUEST / HTTP_RESPONSE / HTTP_DATA_RESPONSE

AUTH:usergroup()

Returns the user group which the user belong to.

Syntax

AUTH:usergroup();

Arguments

N/A

Example

Please refer to command AUTH:on_off() example.

FortiADC version: V5.2

Used in events: AUTH_RESULT / HTTP_REQUEST / HTTP_DATA_REQUEST / HTTP_RESPONSE / HTTP_DATA_RESPONSE

AUTH:realm()

Returns the realm in the authentication.

Syntax

AUTH:realm();

Arguments

N/A

Example

Please refer to command AUTH:on_off() example.

FortiADC version: V5.2

Used in events: AUTH_RESULT / HTTP_REQUEST / HTTP_DATA_REQUEST / HTTP_RESPONSE / HTTP_DATA_RESPONSE

AUTH:host()

Returns the host in the authentication.

Syntax

AUTH:host();

Arguments

N/A

Example

Please refer to command AUTH:on_off() example.

FortiADC version: V5.2

Used in events: AUTH_RESULT / HTTP_REQUEST / HTTP_DATA_REQUEST / HTTP_RESPONSE / HTTP_DATA_RESPONSE

AUTH:set_usergroup()

Sets a new user group that is configured in the current authentication policy. A new realm can also be set at the same time. It returns true if successful, otherwise, false. A realm name and a user group name are needed as input parameters.

The user group specified by the function must be in the authentication policy referenced by the VS. The result specified by the new user group will override the authentication result of the original authentication policy.

Syntax

AUTH:set_usergroup(“RealmName”, "UserGroupName");

Arguments
Name Description

RealmName

The name of the new realm to be set. (Lua string with maximum length of 63).

UserGroupName

The name of the user group to be set. (Lua string with maximum length of 63, must also comply with original definition of user group).
Example
when BEFORE_AUTH {
    r = AUTH:set_usergroup(“Realm02”, "UserGroup02");
   debug("set_usergroup successfully? %s\n", tostring(r));
}

FortiADC version: V7.2

Used in events: BEFORE_AUTH

Previous
Next

Authentication commands

Authentication (AUTH) commands contain functions related to authentication and login:

AUTH:get_baked_cookie() — Allows you to retrieve the baked cookie.

AUTH:set_baked_cookie(cookie) — Allows you to customize the cookie attribute of the baked cookie.

AUTH:on_off() — Returns whether authentication is required or not.

AUTH:success() — Returns whether authentication is successful or not.

AUTH:form_based() — Returns whether the authentication is HTTP form based or not.

AUTH:user() — Returns the user name in the authentication.

AUTH:pass() — Returns the password in the authentication.

AUTH:usergroup() — Returns the usergroup which the user belong to.

AUTH:realm() — Returns the realm in the authentication.

AUTH:host() — Returns the host in the authentication.

AUTH:set_usergroup() — Sets a new user group that is configured in the current authentication policy.

AUTH:get_baked_cookie()

Allows you to retrieve the baked cookie.

Syntax

AUTH:get_baked_cookie();

Arguments

N/A

Example

when COOKIE_BAKE {
cookie = AUTH:get_baked_cookie()
debug(“Get cookie: %s\r\n”, cookie)
}
Result:
Get cookie: Set-Cookie: FortiADCauthSI=lfGnC2gsl7xsbAg4JFs94e4CJfFXaP3U5z6QHvo7n08cCoT5MdtQog2LmcizPo3aRiBHY/RThhocqG+DdnvsCLFJh3nBUoLeuYjGK9lY5L4=|W86hXGg; expires=Tue 23 Oct 2018 04:19:45 GMT; domain=10.1.0.99; path=/

FortiADC version: V5.2

Used in events: AUTH_RESULT

AUTH:set_baked_cookie(cookie)

Allows you to customize the cookie attribute of the baked cookie.

Syntax

AUTH:set_baked_cookie(cookie);

Arguments
Name Description

cookie

A string which specifies the baked cookie.
Example

when COOKIE_BAED {
cookie = AUTH:get_baked_cookie()
new_cookie = cookie..”; Mick-Test:123444444”
status = AUTH:set_baked_cookie(new_cookie)
debug(“Set baked cookie, status: %s\n”, status)
}
Result:
Set baked cookie, status: true

FortiADC version: V5.2

Used in events: AUTH_RESULT

AUTH:on_off()

Returns whether authentication is required or not.

Syntax

AUTH:on_off();

Arguments

N/A

Example

when AUTH_RESULT {
on_off = AUTH:on_off()
succ = AUTH:success()
fm = AUTH:form_based()
user = AUTH:user()
pass = AUTH:pass()
userg = AUTH:usergroup()
realm = AUTH:realm()
host = AUTH:host()
debug(“authentication form based %s, on_off %s, success %s, the user %s, pass %s, realm %s, the usergroup %s, host %s\n”, fm, on_off, succ, the user, pass, realm, the userg, host)
}
Result:
authentication form based true, on_off true, success true, the user test, pass test, realm Form333333, the userg test, host 10.1.0.99

FortiADC version: V5.2

Used in events: AUTH_RESULT / HTTP_REQUEST / HTTP_DATA_REQUEST / HTTP_RESPONSE / HTTP_DATA_RESPONSE

AUTH:success()

Returns whether authentication is successful or not.

Syntax

AUTH:success();

Arguments

N/A

Example

Please refer to command AUTH:on_off() example.

FortiADC version: V5.2

Used in events: AUTH_RESULT / HTTP_REQUEST / HTTP_DATA_REQUEST / HTTP_RESPONSE / HTTP_DATA_RESPONSE

AUTH:form_based()

Returns whether the authentication is HTTP form based or not.

Syntax

AUTH:form_based();

Arguments

N/A

Example

Please refer to command AUTH:on_off() example.

FortiADC version: V5.2

Used in events: AUTH_RESULT / HTTP_REQUEST / HTTP_DATA_REQUEST / HTTP_RESPONSE / HTTP_DATA_RESPONSE

AUTH:user()

Returns the user name in the authentication.

Syntax

AUTH:user();

Arguments

N/A

Example

Please refer to command AUTH:on_off() example.

FortiADC version: V5.2

Used in events: AUTH_RESULT / HTTP_REQUEST / HTTP_DATA_REQUEST / HTTP_RESPONSE / HTTP_DATA_RESPONSE

AUTH:pass()

Returns the password in the authentication.

Syntax

AUTH:pass();

Arguments

N/A

Example

Please refer to command AUTH:on_off() example.

FortiADC version: V5.2

Used in events: AUTH_RESULT / HTTP_REQUEST / HTTP_DATA_REQUEST / HTTP_RESPONSE / HTTP_DATA_RESPONSE

AUTH:usergroup()

Returns the user group which the user belong to.

Syntax

AUTH:usergroup();

Arguments

N/A

Example

Please refer to command AUTH:on_off() example.

FortiADC version: V5.2

Used in events: AUTH_RESULT / HTTP_REQUEST / HTTP_DATA_REQUEST / HTTP_RESPONSE / HTTP_DATA_RESPONSE

AUTH:realm()

Returns the realm in the authentication.

Syntax

AUTH:realm();

Arguments

N/A

Example

Please refer to command AUTH:on_off() example.

FortiADC version: V5.2

Used in events: AUTH_RESULT / HTTP_REQUEST / HTTP_DATA_REQUEST / HTTP_RESPONSE / HTTP_DATA_RESPONSE

AUTH:host()

Returns the host in the authentication.

Syntax

AUTH:host();

Arguments

N/A

Example

Please refer to command AUTH:on_off() example.

FortiADC version: V5.2

Used in events: AUTH_RESULT / HTTP_REQUEST / HTTP_DATA_REQUEST / HTTP_RESPONSE / HTTP_DATA_RESPONSE

AUTH:set_usergroup()

Sets a new user group that is configured in the current authentication policy. A new realm can also be set at the same time. It returns true if successful, otherwise, false. A realm name and a user group name are needed as input parameters.

The user group specified by the function must be in the authentication policy referenced by the VS. The result specified by the new user group will override the authentication result of the original authentication policy.

Syntax

AUTH:set_usergroup(“RealmName”, "UserGroupName");

Arguments
Name Description

RealmName

The name of the new realm to be set. (Lua string with maximum length of 63).

UserGroupName

The name of the user group to be set. (Lua string with maximum length of 63, must also comply with original definition of user group).
Example
when BEFORE_AUTH {
    r = AUTH:set_usergroup(“Realm02”, "UserGroup02");
   debug("set_usergroup successfully? %s\n", tostring(r));
}

FortiADC version: V7.2

Used in events: BEFORE_AUTH

Previous
Next