Forum Discussion
uni
Altocumulus
AltocumulusBasic auth to authenticate against AD
Can I use APM to request basic auth for a virtual server, and have the credentials authenticated against AD? The pool member server has no authentication.
I've seen Kevin's article https://devce...
Stanislas_Piro2
Cumulonimbus
CumulonimbusHi,
- Basic Auth is supported by APM and provide username / Password
- AD Auth is supported by APM which require username / Password
So Basic Auth against AD is supported..
Basic auth can be activated in 2 modes:
-
default behavior of APM is
- redirect user to /my.policy
- request 401 authentication
- authenticate provided credentials against authentication server
- redirect user to Landing URI
-
Clientless mode
- request 401 authentication within an irule
- authenticate provided credentials against authentication server
- allow user if authenticated
Clientless mode has some limitations:
- POST are limited to 64KB (extendable to 25MB)
- not available without irule
you can use the following irule to use clientless mode
when RULE_INIT {
set static::Basic_Realm_Text "Web Services Authentication"
}
when HTTP_REQUEST {
set apmsessionid [HTTP::cookie value MRHSession]
if { [HTTP::cookie exists "MRHSession"] } {set apmstatus [ACCESS::session exists -state_allow $apmsessionid]} else {set apmstatus 0}
if {!($apmstatus)} {
Insert Clientless-mode header to start APM in clientless mode
if { [catch {HTTP::header insert "clientless-mode" 1} ] } {log local0. "[IP::client_addr]:[TCP::client_port] : TCL error on HTTP header insert clientless-mode : URL : [HTTP::host][HTTP::path] - Headers : [HTTP::request]"}
}
}
when ACCESS_POLICY_COMPLETED {
Authentication request for non bowser user-agent session denied
if { ([ACCESS::policy result] equals "deny") } {
ACCESS::respond 401 noserver WWW-Authenticate "Basic realm=\"$static::Basic_Realm_Text\"" Connection close
ACCESS::session remove
return
}
}
