APM Clientless certificate authentication

Problem this snippet solves: This code allow to configure certificate authentication with APM clientless-mode support. The APM behavior when configuring following condition is to disable clientles...
Published Nov 23, 2017
Version 1.0
application delivery
BIG-IP Access Policy Manager (APM)
certificate authentication
iRules
security
C_Ang's avatar
C_Ang
Icon for Nimbostratus rankNimbostratus
Apr 30, 2018

Hi Stanislas,

 

I have a situation that might be able to use this, but we do have an On-Demand Certificate Authentication in our APM policy. We now have a requirement to connect to this VIP on a specific URL for a SOAP-based web service. Unfortunately, the POST method with the SOAP payload is encountering the 302 redirects to /my.policy. By the time it gets to back to the original SOAP endpoint, the request has become a GET and the payload is no longer being transmitted.

 

Also, we are trying to do this with mutual TLS, but because of the On-Demand Certificate Authentication, the client certificate is not requested until at least the 3rd redirect (the one with my.policy?nonce=?????). Is there no way around this?

 

Thanks in advance for any direction you might be able to point me towards,

 

Charlie