Forum Discussion

Stanislas_Piro2's avatar
Stanislas_Piro2
Icon for Cumulonimbus rankCumulonimbus
Aug 22, 2016

Hi,

When clientless mode is enable, VPE become non-interactive.

You must include in the irule how to respond. you can use this irule (replace the 401 response by a logon page box)

when HTTP_REQUEST {
    set apmsessionid [HTTP::cookie value MRHSession]
        if { [HTTP::cookie exists "MRHSession"] } {set apmstatus [ACCESS::session exists -state_allow $apmsessionid]} else {set apmstatus 0}   
        if { !($apmstatus)} {
            if { [ string match -nocase {basic *} [HTTP::header Authorization] ] == 1 } {
                set clientless(insert_mode) 1
                set clientless(username)    [ string tolower [HTTP::username] ]
                set clientless(password)    [HTTP::password]
                binary scan [md5 "$clientless(password)"] H* clientless(hash)
                set user_key "$clientless(username).$clientless(hash)"
                set clientless(cookie_list)             [ ACCESS::user getsid $user_key ]
                if { [ llength $clientless(cookie_list) ] != 0 } {
                    set clientless(cookie) [ ACCESS::user getkey [ lindex $clientless(cookie_list) 0 ] ]
                    if { $clientless(cookie) != "" } {
                        HTTP::cookie insert name MRHSession value $clientless(cookie)
                        set clientless(insert_mode) 0
                    }
                }
             if { $clientless(insert_mode) } {
                HTTP::header insert "clientless-mode" 1
                HTTP::header insert "username" $clientless(username)
                HTTP::header insert "password" $clientless(password)
            }
            unset clientless
          } else {
            HTTP::respond 401 noserver WWW-Authenticate "Basic realm=\"[HTTP::host] Authentication\"" Set-Cookie "MRHSession=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/" Connection close
            return
            }
   }
}
when ACCESS_SESSION_STARTED {
    if { [info exists user_key] } then {
        ACCESS::session data set {session.user.uuid} $user_key
    }
}

when ACCESS_POLICY_COMPLETED {
   if { ([ACCESS::policy result] equals "deny") } {
    set host [ACCESS::session data get "session.network.name"]
      ACCESS::respond 401 noserver WWW-Authenticate "Basic realm=\"$host Authentication\"" Connection close
      ACCESS::session remove
   } 
}