APM Sharepoint authentication

Problem this snippet solves: Updated version to support Webdav with windows explorer after Nicolas's comment. APM is a great authentication service but it does it only with forms. The default be...
Published Apr 20, 2016
Version 1.0
BIG-IP Access Policy Manager (APM)
editing office documents
iRules
ms-ofba
programmability contest
security
sharepoint
Stanislas_Piro2's avatar
Stanislas_Piro2
Icon for Cumulonimbus rankCumulonimbus
Sep 14, 2016

the use of 

[ACCESS::user getsid $user_key]
is not a big issue.

in ACCESS_SESSION_STARTED, the session uuid is changed from default tmm.policyname.logonname to username."md5 of user password"

if { [ info exists user_key ] } {
  ACCESS::session data set "session.user.uuid" $user_key
}

so, when a new request comes with same username and password and without session cookie, APM will not create a new session if a previous one exists with the same username / password.

This is first created for active sync to prevent multiple access session for one user.

in the active sync, there is a option to insert in the hash the client ip address to prevent a user with multiple devices to share the same access session (this is the default behavior for active sync). this can be added in the irule.