Forum Discussion

Nimbostratus

Sep 23, 2013

Authentication access policy for intranet site / APM Module

Hi there, I've got a requirement for a new APM access policy, so I thought I'd field the question here. Has anyone got experience with the following type of requirements? I've got an intran...

application delivery

BIG-IP Access Policy Manager (APM)

Employee

Sep 29, 2013

Apologies, haven't had a chance to explore some of the more detailed questions. The first, and probably easiest approach is to simply disable the access policy until the user requests a trigger URI. Assign your access policy to the VIP and use an iRule like the following:

when HTTP_REQUEST {    
    if { not ( [class match [stringt tolower [HTTP::uri]] starts_with my_uri_dg] ) } {
        ACCCESS::disable
    }
}

The access policy evaluation will only happen once, so once the user triggers it with a special URI request, they'll have a session cookie available for any other special access URIs. Just configure the access policy as you normally would.

I'll be working on the second part of your question Monday morning (switching between Kerberos and form logon).

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)