Forum Discussion
raZorTT
Oct 31, 2017 | Cirrostratus
Secure a web service using APM
Hi
I'm looking to use the F5 to secure (basic auth) a web service that needs to be called from a .net application.
What is the best way to configure something like this, where the "client" ...
Stanislas_Piro2
Oct 31, 2017 | Cumulonimbus
Hi,
The Access Policy default behavior is to redirect to /my.policy, even if authentication is Basic Auth in the VPE.
You have to use an iRule to insert the clientless-mode header with value 1.
Try this iRule with the policy Logon Page - AD Auth - Allow:
```tcl
when RULE_INIT {
    # Realm text shown in the 401 Basic challenge
    set static::Basic_Realm_Text "Authentication Required"
}

when HTTP_REQUEST {
    # Read the access profile's "restrict to single client IP" setting once per connection
    if { ! [ info exists SP_PROFILE_RESTRICT_SINGLE_IP ] } {
        set SP_PROFILE_RESTRICT_SINGLE_IP [PROFILE::access restrict_to_single_client_ip]
    }
    if { ( [set sessionid [HTTP::cookie value "MRHSession"]] ne "" ) and ( [ACCESS::session exists -state_allow $sessionid] ) } then {
        # Allow the successfully pre authenticated request to pass
        return
    } else {
        # Only requests that already carry Basic credentials are handled in clientless mode
        if { [ string match -nocase {basic *} [HTTP::header Authorization] ] == 1 } {
            set clientless(insert_mode) 1
            set clientless(src_ip) [IP::remote_addr]
            set clientless(username) [ string tolower [HTTP::username] ]
            set clientless(password) [HTTP::password]
            # Build the session lookup key: username plus MD5 of the password
            # (and of the client IP when the profile restricts sessions to one IP)
            if { $SP_PROFILE_RESTRICT_SINGLE_IP == 0 } {
                binary scan [md5 "$clientless(password)"] H* clientless(hash)
            } else {
                binary scan [md5 "$clientless(password)$clientless(src_ip)"] H* clientless(hash)
            }
            set user_key "$clientless(username).$clientless(hash)"
            # Reuse an existing APM session for this key if there is one
            set clientless(cookie_list) [ ACCESS::user getsid $user_key ]
            if { [ llength $clientless(cookie_list) ] != 0 } {
                set clientless(cookie) [ ACCESS::user getkey [ lindex $clientless(cookie_list) 0 ] ]
                if { $clientless(cookie) != "" } {
                    HTTP::cookie insert name MRHSession value $clientless(cookie)
                    set clientless(insert_mode) 0
                }
            }
            # No existing session: start the access policy in clientless mode
            if { $clientless(insert_mode) } {
                HTTP::header insert "clientless-mode" 1
            }
        }
    }
}

when ACCESS_SESSION_STARTED {
    # Store the lookup key and the Basic credentials in the new session
    if { [info exists user_key] } then {
        ACCESS::session data set {session.user.uuid} $user_key
    }
    if { [info exists clientless] } then {
        ACCESS::session data set {session.logon.last.username} $clientless(username)
        ACCESS::session data set -secure {session.logon.last.password} $clientless(password)
    }
}

when ACCESS_POLICY_COMPLETED {
    # Answer a denied clientless request with a 401 Basic challenge and drop the session
    if { ([info exists clientless(insert_mode)]) && ($clientless(insert_mode)) && ([ACCESS::policy result] equals "deny") } {
        ACCESS::respond 401 noserver WWW-Authenticate "Basic realm=\"$static::Basic_Realm_Text\"" Connection close
        ACCESS::session remove
    }
}
```
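
The iRule above only acts on requests that already carry an `Authorization: Basic` header, so a .NET caller has to send the credentials on its first request. The following client is an added example, not part of the original reply; the service URL and the `SVC_USER` / `SVC_PASSWORD` environment variable names are placeholders.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Threading.Tasks;
static class ApmBasicAuthClient
{
    // Placeholder URL of the web service behind the APM virtual server (assumption).
    static readonly Uri Service = new Uri("https://service.example.com/api/status");
    static HttpClient Create(string user, string password)
    {
        var handler = new HttpClientHandler
        {
            // Do not follow a redirect to /my.policy; report it as a failure instead.
            AllowAutoRedirect = false,
            // Keep the MRHSession cookie so later calls reuse the APM session.
            CookieContainer = new CookieContainer()
        };
        var client = new HttpClient(handler);
        // Send the credentials up front instead of waiting for a 401 challenge.
        var token = Convert.ToBase64String(Encoding.UTF8.GetBytes(user + ":" + password));
        client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic", token);
        return client;
    }
    static async Task<int> Main()
    {
        // Credentials come from the environment (assumed variable names), not from source code.
        var user = Environment.GetEnvironmentVariable("SVC_USER") ?? "";
        var pass = Environment.GetEnvironmentVariable("SVC_PASSWORD") ?? "";
        using (var client = Create(user, pass))
        using (var resp = await client.GetAsync(Service))
        {
            if ((int)resp.StatusCode / 100 == 3)
            {
                Console.Error.WriteLine("Redirected to " + resp.Headers.Location + ": not handled in clientless mode");
                return 2;
            }
            if (resp.StatusCode == HttpStatusCode.Unauthorized)
            {
                Console.Error.WriteLine("401: credentials rejected by the access policy");
                return 1;
            }
            resp.EnsureSuccessStatusCode();
            Console.WriteLine(await resp.Content.ReadAsStringAsync());
            return 0;
        }
    }
}
```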