APM Sharepoint authentication
Cumulonimbus
NimbostratusThank you for sharing, it has got me a long way to a successful configuration.
I have built up a sharepoint installation using SSO with PKI to Kerberos. So the user presents there certificate because of client ssl profile. After client cert inspection and OCSP in access profile a SSO configuration does the Kerberos lookup to pass to SharePoint.
Now I have added OWA on a separate VIP which also checks client certificate.
The iRule takes care of switching to clientless mode when OWA connects to SharePoint VIP. I have modified it to also check for the OWA request is from a known list. I have modified the access policy to bypass client cert inspection based on above change to iRule. I also found I had to switch to clientless mode when user-agent = microsoft office protocol discovery.
I don't think I have any forms based authentication so I have removed that code from the iRule.
What I would be interested in is some commentary as to how the iRule works please. Are you able to share the access policy as well please? Thank you.