Oracle SSO/OID with Access Manger

I work with eparillo (Hi Ed!) - let me take it up a level and provide the functional requirements. In reality, we don't care about the asp script or the headers - we really just need to be able to get 2 types of users authenticated before they are sent to their requested URI. Here's the use case:

 

 

We have 2 types of users, "external" & "internal". Both can request a page from foo.com.

 

 

For the external user, on their first request, the external user is sent to a login form and upon successful login, is provided an authentication cookie and sent on to his originally requested page. The page the user requested physically sits on a server in our domain at xxx.corp.com. Subsequent http requests are checked for a valid auth cookie and sent to xxx.corp.com. We have this working - all is good.

 

 

For the internal user, on their first request, the internal user needs to NOT be sent to the login page - they need to be sent to a page on a different server (yyy.corp.com) that will provide them an auth cookie via integrated windows authentication (IWA). After successfully getting the auth cookie, they need to be sent along to the originally requested page at xxx.corp.com.

 

 

All URIs seen by the client need to remain as foo.com NOT xxx.corp.com. We know how to get the authentication pieces - we have IWA and the login form working to return the correct auth cookie (this is based on the Oracle Identity Management suite). What we don't know how to do is have an iRule that can figure out how to handle the internal user's need to hit the yyy.corp.com server so that the IAW will provide the auth cookie THEN after you have the auth cookie, redirect to the originally requested page on xxx.corp.com.

 

 

Does this make sense?