2 Way SSL and SIDEBANDS usage in iRules

Question

I have a use case where we want to do client certificate authentication on the a Big-IP that is running as a stand alone ASM. Once we validate the certificate we want to have the Big-IP reach out and talk to a web authentication server and grab a token to insert in the HTTP packet to be able to send down to the application. I am trying to figure out the best method to manage all this. My first thought would be to use an iRule and SIDEBANDS to talk to the web server to get the token. I do not have any experience using this though and have pretty much stuck to fairly simple iRules up to this point. I would appreciate any thoughts on this or other ideas on how to accomplish this. We are already using proxy SSL for some other application but with restriction to RSA key exchanges only and some other issues it causes us down in the web server tiers it is not an option we want to pursue going forward.

arnaud_lemaire · Answer

Hello Mike, Sideband is definitively the good direction. if you provide some info on the authentication api i can help you to craft the request and parse the response. &nbsp;

nathe · Answer

Mike, did you get anywhere with this? It sounds like a similar dilemma that I've come across and am looking to design a solution around. &nbsp;

Forum Discussion

2 Way SSL and SIDEBANDS usage in iRules

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

iRules LX Sideband Connection - Handling timeouts

iRule sideband using HTTP/2

HTTP sideband policy checking

iRule datagroup sideband

iRule Sideband datagroup

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS