HTTP - user identification

NAM Console ► NAM Probe Configuration ► Global ► Front-End Monitoring ► Web ► HTTP ► User Identification

It is assumed for this task that you have already created one or more user-defined software services for this protocol and that you are familiar with how to access global settings for user identification for HTTP and with user identification rule settings for a specific service.

Skill level: advanced user

This screen offers functionality suitable for expert users.

  • If you are new to software services, start with Software services for beginners before you come here.
  • If you want to monitor a well-known software service, start with Autodiscovered Software Services to see if your work has already been done for you.
  • If you find you still need to define your own software service, try to use the wizard or a template to walk you through the process. You can always use the manual screens to tweak a software service after you create it with the wizard. See Software Services for details.

Access

Global level:

  1. In NAM Console ► Deployment ► Manage devices, select NAM Probe Configuration ► Open configuration.
  2. On the NAM Probe Configuration screen, select GlobalFront-End Monitoring ► Web ► HTTP ► User Identification.

Software service level:

  1. In NAM Console ► Deployment ► Manage devices, select NAM Probe Configuration ► Open configuration.
  2. On the NAM Probe Configuration screen, select Software Services ► User-Defined Software Services.
  3. On the User-Defined Software Services screen, select the software service for which you configure user identification.
  4. Right-click in the Rules table and select Add (to create a rule) or Open to edit the selected rule.
  5. On the Edit Rule screen, switch to the User Name Recognition tab.

At this point, the screens are essentially identical:

  • Policies is a list of user identification policies you have created.
  • Defined search patterns is a list of rules associated with the selected policy.
  • Enable user name recognition is check box that appears at the software service level, not at the global level. User name recognition cannot be disabled at the global level.

Configuration

Ensure that the HTTP analyzer is set to HTTP mode.

The enhanced method of extracting and processing user identification for HTTP can be configured globally for all HTTP software services configured on NAM Probes set to work in HTTP Mode, or it can be configured for a specific user-defined software service on the User Name Recognition tab.

  1. Open the User Name Recognition screen for one user-defined software service or open the corresponding screen for global settings.
    See the Access section above.
  2. If you are configuring just one service, select or clear Enable user name recognition.
    • Clearing this check box disables it for this service only, regardless of any global settings for HTTP.
    • Selecting this check box gives you the choice of using global settings or of selecting settings specific to the selected service.
    • Service-specific settings always take precedence over global settings.
  3. Select a search policy.
    A policy is a container (a name) for a set of detection rules. Right-click in the Policies table and select Add or Edit to add a new policy or edit an existing policy.

    A new policy (called NewPolicy1) by default is created. You can type over the default name to rename your policy.

Adding user name rules to a policy

  1. On the User Name Recognition tab, select a policy in the Policies table.
    The Defined search patterns table lists all user name rules associated with the selected policy.
  2. Right-click in the Defined search patterns table and select Add to add a rule.
    (Or right-click an existing row and select Open to edit an existing rule.)
    The User Recognition Rule Definition window is displayed. At least one user rule is required per user recognition policy.
  3. In the Choose a type of user recognition rule section, select the Rule type.
    • Acknowledge URL (User session context, acknowledge URL)
      The user name recognition is performed in the context of a particular user session and a login is validated by redirection to a special acknowledge URL. All monitored hits must contain the session ID, but only the ACK hit is the first one to contain the user name. Besides user and session ID rules, you need to provide the acknowledge URL (as described in the procedure) for the NAM Probe to be able to discover a user session and retrieve the user name.
    • Session ID (User session context)
      The user name recognition is performed in the context of a particular user session. All monitored hits must contain the session ID, but only a single login hit contains the user name. Besides user detection rules, you need to define session ID rules as well.
    • User Name (Non-context)
      User name recognition is performed per hit, so each hit must contain a user name. You only need to add user detection rules as described above.
  4. In the Choose where to search for a value section, set Search in to the place where the user identification function will search for a user identification.
    You can retrieve the user names and session identifiers from a number of entities, referred to as search scopes. These are not displayed for the Acknowledge URL rule type.
    • Cookie
    • Request URL
    • Request body
    • Request header
    • Request parameters
    • Response body
    • Response header
  5. Optional : Configure the Host and path settings. Enter the following to filter the traffic used for user name recognition. Host pattern
    Server host name. Path pattern
    The leading part of a URL. Only hits beginning with this string will be matched.
    This parameter is optional. If it is not specified, the path is assumed to be “/ ” and it will match any requested URL.
  6. Configure the search and transformation rules to be applied. It is sometimes difficult to perform a successful match resulting in a legible string in one pass. In such situations, you can perform further transformations to your initial search result. Right-click a row in the Apply following search and transformation rules table and select Add or Open. Search or transformation rule definition dialog opens.
  7. Advanced settings Match only when response has one of the indicated HTTP status codes. The HTTP status codes can be defined by providing the HTTP status code range. Use the official HTTP status codes to narrow down qualifying responses.
    1. (100 - 200) Informational
    2. (200 - 300) Success
    3. (300 - 400) Redirection
    4. (400 - 500) Client error
    5. (500 - 600) Server error

Detecting single sign on (SSO) users

If you have a SSO user across various software services, you can report that person as the same user:

Configure the first software service to detect a user associating that person with particular cookie value. You need to define a search pattern matching a particular cookie value.

When defining other software services, make sure the following conditions are met.

  1. You keep the same name of the policy.
  2. The cookie name may vary among software services.
  3. The cookie value you search for must be the same as in the original software service.