Forum Discussion
Christoph_Fris1
Nimbostratus
NimbostratusAPM different authentication mechanism based on Hostname
Hello,
i wanted to know if it is possible to have for example two different authentication mechanism in one Access Profile and based on the URL which i enter the APM decides which one is used.
Configuration: - One virtual server, assigned with the ECA profile in order to use NTLM authentication ltm virtual vs_app-login-sso { description "App for LDAP Login and NTLM SSO" destination 10.254.3.181:https ip-protocol tcp mask 255.255.255.255 pool pool_app-qual profiles { Login_SSO { } clientssl-insecure-compatible { context clientside } eca { } http_redirect_rewrite_all { } rba { } tcp { } websso { } } rules { irule_ECA_NTLM_Auth } source 0.0.0.0/0 source-address-translation { type automap } translate-address enabled translate-port enabled vs-index 17 }
iRule: when HTTP_REQUEST { ECA::enable ECA::select select_ntlm:/Common/ntlm_auth }
And here is the Access Profile:
So the first entry point is "Landing URI", the profile should decide when i come with the Login URL it should use LDAP Login Page and if i come with the SSO URL it should use NTLM.
Both authentication are working when they are used in seperate profiles but not combined in one.
Is this possible or not? Hope everything is described clearly, if not just ask :)
Thanks, Christoph
Stanislas_Piro2Cumulonimbus
you can create a TLS servername based routing virtual server and one VS per hostname with dedicated policies.
- Stanislas_Piro2
Use following irule
when HTTP_REQUEST { if {[HTTP::path] starts_with "/ntlm_uri"} { ECA::enable ECA::select select_ntlm:/Common/ntlm_auth } }