

Slava_85677
Oct 13, 2015

Authentication and authorization: how to force an iRule to connect to a server on Internet via HTTPS?

Let's say I have a server on Internet (let's call it CRED), which receives a request, checks if access is allowed and responds with some data (allow access or reject).

I have an LTM with a lot of web servers running an application. Every time a user communicates with my application, a web application needs to make a request to CRED to see if the user is allowed to see requested content.

CRED is like a 3rd party authentication and authorization server.

I want to write an iRule, which will keep track of user connections and can check if a user is allowed to request the content.

I have played with "Sideband Connections" https://devcentral.f5.com/articles/v11-irules-intro-to-sideband-connections, and I managed to write an iRule based on the example which connects to CRED and makes an HTTP request.

The problem is that it makes raw connections and it won't work with SSL (HTTPS). I need to negotiate an SSL handshake before I can do requests like "GET /mypage/myindex2.html HTTP/1.0\r\n\r\n".

To sum up, that's what I want:

  1. A user makes a request to my web app via LTM
  2. A request comes on LTM and hits an iRule
  3. The iRule establishes an SSL connection to CRED on Internet, on port 443.
  4. After connection is established, the iRule makes a request like "GET /mypage/myindex2.html HTTP/1.0\r\n\r\n"
  5. The iRule receives data and closes the connection to CRED
  6. The iRule makes a decision if a user is allowed to see the requested URL.
  7. The user gets requested data or his session is rejected/forwarded to another page.

What is the best way to implement it?


1 Reply

  • The only way to make an SSL connection through a sideband call is to point your sideband call at a local VIP that applies server side SSL. So

    • A user makes a request to my web app via LTM
    • A request comes on LTM and hits an iRule
    • The iRule establishes a non-SSL connection to a local VIP that load balances to CRED on Internet and applies a server SSL profile to do HTTPS to CRED, on port 443.
    • After connection is established, the iRule makes a request like "GET /mypage/myindex2.html HTTP/1.0\r\n\r\n"
    • The iRule receives data and closes the connection to CRED
    • The iRule makes a decision if a user is allowed to see the requested URL.
    • The user gets requested data or his session is rejected/forwarded to another page.
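The following iRule is an added example, not code from the question or the reply, that puts the reply's design into practice: a plain-TCP sideband call to a local virtual server, which carries the server SSL profile and terminates TLS towards CRED. It assumes a virtual server named `/Common/vs_cred_sideband` (created separately, for example `tmsh create ltm virtual vs_cred_sideband destination 10.0.0.10:80 pool cred_pool profiles add { cred_serverssl }`, with the server-ssl profile set to `peer-cert-mode require` and a `ca-file` so the BIG-IP actually verifies CRED's certificate rather than trusting whatever answers on 443), that CRED exposes a hypothetical `/check` endpoint answering HTTP 200 for "allow", and that the user identity arrives as an HTTP Basic username. The `connect`/`send`/`recv`/`close` commands are the sideband commands from the DevCentral article linked in the question; everything else is standard iRule/Tcl.

```tcl
# Added example (not from the thread). Assumed names: /Common/vs_cred_sideband (local VIP
# with server-ssl profile towards CRED:443), CRED's /check endpoint, host cred.example.com.
when HTTP_REQUEST {
    set user [HTTP::username]
    set uri  [HTTP::uri]

    # Fail closed: no identity means no authorization check and no content.
    if { $user eq "" } {
        HTTP::respond 401 content "Authentication required" "WWW-Authenticate" "Basic realm=\"app\""
        return
    }

    # Cache CRED's verdict per user+URI for 60 s so one page load does not
    # trigger a sideband call per embedded object.
    set cache_key "cred:$user:$uri"
    set cached [table lookup -subtable cred_cache $cache_key]
    if { $cached ne "" } {
        if { $cached ne "allow" } { HTTP::respond 403 content "Forbidden" }
        return
    }

    # Plain TCP to the local VIP; the VIP's server-ssl profile does the TLS to CRED,
    # so the iRule never has to negotiate the handshake itself.
    set conn [connect -timeout 1000 -idle 5 -status conn_status /Common/vs_cred_sideband]
    if { $conn_status ne "connected" } {
        log local0. "CRED sideband connect failed ($conn_status) user=$user uri=$uri"
        HTTP::respond 503 content "Authorization service unavailable"
        return
    }

    # URL-encode the untrusted values before placing them in the request line.
    set req "GET /check?user=[URI::encode $user]&url=[URI::encode $uri] HTTP/1.0\r\nHost: cred.example.com\r\n\r\n"
    send -timeout 1000 -status send_status $conn $req
    if { $send_status ne "sent" } {
        close $conn
        log local0. "CRED sideband send failed ($send_status) user=$user"
        HTTP::respond 503 content "Authorization service unavailable"
        return
    }

    # HTTP/1.0 without keep-alive: CRED closes after the response, so recv returns the
    # whole reply (or whatever arrived before the timeout).
    set resp [recv -timeout 1000 -status recv_status $conn]
    close $conn

    # Decide on the status line only; anything other than a clean 200 is a deny.
    set verdict "deny"
    if { [regexp {^HTTP/1\.[01] (\d{3})} $resp -> code] && $code eq "200" } {
        set verdict "allow"
    }
    table set -subtable cred_cache $cache_key $verdict 60 indef

    if { $verdict ne "allow" } {
        HTTP::respond 403 content "Forbidden"
        return
    }
    # Allowed: fall through and let LTM forward the request to the application pool.
}
```

Two design points worth keeping when adapting this: every failure path (no identity, connect/send timeout, unparseable reply) denies rather than allows, so an outage of CRED cannot silently open the application; and the certificate check lives in the server-ssl profile on the local VIP, which is also the only place to change if CRED's CA or hostname changes.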