Different auth type per path/user-agent/header?

Question

Hi,&nbsp;Is there a way to force different authentication methods for different paths under the same VS?Or do the same, but per user-agent? Say SAML for Browsers, NTLM for everything else.I can't see anything under the policy builder, so maybe irules can do it somehow?(I don't want to use per-request policies, if possible)&nbsp;Thanks&nbsp;

petewhite · Answer

APM has this in the VPE as a client side check ( client Type and Client OS ), or you can check the landing URI to do different auth for the different paths.

ricardo_duarte · Answer

VPE will not work for me.I want to do something similar to what the "Exchange Profile" does: /activesync is basic ; /mapi is ntlm ; owa is web auth, etc.But I can't match paths/urls on per-session requests... At least I cant find a way to do it.

ricardo_duarte · Answer

Would this be a good option?&nbsp;Create a Standard VS with the VIPThen create multiple Internal VS with the same pool servers but different APM policiesThen route to the internal VS from the Standard VIP with iRules&nbsp;

petewhite · Answer

Hi Ricardo,

Yes, it would – or you can use the landing URI session variable within a policy.

Forum Discussion

Different auth type per path/user-agent/header?

Recent Discussions

Can you set Kerberos AAA server via session variable?

HTML Code injection Not detected by ASM

What will be happen to live and existing connections when failover HA BIG IP active-standby

SSL Offload and remove FQDN

High CPU utilization (100%).

Related Content

Bolt-on Auth with NGINX Plus and F5 Distributed Cloud

Copper SFP Differences

different auth policies with different auth methods for different VIPs

HTTP auth - Calling external API with parameters

Unable to change auth source to rasidus

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS