Forum Discussion
Andrew_Chan_472
Nimbostratus
NimbostratusAPM support for web services
I have setup APM to perform certificate authentication and use LDAP query to check the user assigned with the certificate is a valid user. The client certificate authentication comes with LTM does no...
MiLK_MaNNimbostratus
NimbostratusAPM is obviously intended out of the box to support clients that support javascript, cookies etc.
There are definitely ways to do what you want, but it's going to be more than just bypassing the client check... you are also going to have to manually perform the cookie insertion that the APM automatically does to identify a user flow. We do this now for some of the in built iRules used for Microsoft Exchange clients like ActiveSync & Outlook Anywhere.
The basic principal in achieving this is to insert a HTTP header as such:
HTTP::header insert "clientless-mode" 1
This will force APM to bypass the logon page, and should continue with the SSL certificate check. You'll then need to form your own MRHSession cookie which is what the APM uses to track a valid user session.
Take a look at the system iRule _sys_APM_ExchangeSupport_main, which has been designed to perform this task. This uses a md5 hash of some TCL variables to form the MRHSession cookie which should be sufficient to uniquely identify the user session.
