Forum Discussion

Ricardo_Duarte's avatar
Ricardo_Duarte
Icon for Altostratus rankAltostratus
Nov 08, 2020

Different auth type per path/user-agent/header?

Hi,

 

Is there a way to force different authentication methods for different paths under the same VS?

Or do the same, but per user-agent? Say SAML for Browsers, NTLM for everything else.

I can't see anything under the policy builder, so maybe irules can do it somehow?

(I don't want to use per-request policies, if possible)

 

Thanks

 

  • APM has this in the VPE as a client side check ( client Type and Client OS ), or you can check the landing URI to do different auth for the different paths.

  • VPE will not work for me.

    I want to do something similar to what the "Exchange Profile" does: /activesync is basic ; /mapi is ntlm ; owa is web auth, etc.

    But I can't match paths/urls on per-session requests... At least I cant find a way to do it.

  • Would this be a good option?

     

    • Create a Standard VS with the VIP
    • Then create multiple Internal VS with the same pool servers but different APM policies
    • Then route to the internal VS from the Standard VIP with iRules

     

    • PeteWhite's avatar
      PeteWhite
      Icon for Employee rankEmployee
      Hi Ricardo, Yes, it would – or you can use the landing URI session variable within a policy.