APM Sharepoint authentication

Problem this snippet solves: Updated version to support Webdav with windows explorer after Nicolas's comment. APM is a great authentication service but it does it only with forms. The default be...
Published Apr 20, 2016
Version 1.0
BIG-IP Access Policy Manager (APM)
editing office documents
iRules
ms-ofba
programmability contest
security
sharepoint
Stanislas_Piro2's avatar
Stanislas_Piro2
Icon for Cumulonimbus rankCumulonimbus
Sep 14, 2016

Kai,

instead of creating a variable with previous user agent, you can check if the variable authschema exists

if { [info exists authschema] } then {
     Do nothing, keep previous request authschema value
} elseif { ( [HTTP::header value "X-FORMS_BASED_AUTH_ACCEPTED"] equals "t" ) or 
    ( [HTTP::header value "X-FORMS_BASED_AUTH_ACCEPTED"] equals "f" ) } then {

    
     Enumerate explicit MS-OFBA authentication capabilities
     Background: https://msdn.microsoft.com/en-us/library/office/cc313069(v=office.12).aspx
    


     Explicit MSOFBA support detected. 
    set authschema "ms-ofba"

} else {

    
     Enumerate implicit MS-OFBA authentication capabilities
     Background: https://msdn.microsoft.com/en-us/library/office/cc313069(v=office.12).aspx
     

    switch -glob -- [string tolower $last_ua_agent] "*office protocol discovery*" - \
      "*microsoft office*" - \
      "*microsoft data access internet publishing provider*" - \
      "*non-browser*" - \
      "msoffice 12*" - \
      "*microsoft-webdav-miniredir*" - \
      {*ms frontpage 1[23456789]*} {

         Implicit MSOFBA support detected.   
        set authschema "ms-ofba"

    } "*ms frontpage*" {

         Legacy client detected
        set authschema "legacy"

    } "*mozilla*" - \
      "*opera*" {

         Regular web browser detected.  
        set authschema "browser"

    } default { 

         Unknown user-agent detected. 
        set authschema "legacy"

    }
}