Forum Discussion

Nimbostratus

Jul 13, 2014

Client side Kerberos with Portal Access List object

Hey There, Hoping somebody can help, tearing my hair out as usual. I have an access policy which performs the following: Browser matches IE -> IP Subnet Matches internal -> 401 responc...

application delivery

BIG-IP Access Policy Manager (APM)

Employee

Jul 14, 2014

Try that same code in the HTTP_REQUEST_RELEASE event with a standard VS and http profile:

when HTTP_REQUEST_RELEASE {   
    if {[HTTP::header exists Authorization]}{        
        HTTP::header remove Authorization   
    }   
}

The idea here is to remove the Kerberos Authorization header at the last possible moment before traffic is released to the server, with the assumption that this header is causing problems at the application.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)