APM Sharepoint authentication

Problem this snippet solves: Updated version to support Webdav with windows explorer after Nicolas's comment. APM is a great authentication service but it does it only with forms. The default be...
Published Apr 20, 2016
Version 1.0
BIG-IP Access Policy Manager (APM)
editing office documents
iRules
ms-ofba
programmability contest
security
sharepoint
Stanislas_Piro2's avatar
Stanislas_Piro2
Icon for Cumulonimbus rankCumulonimbus
Sep 15, 2016

OK,

I did not see what did your irule. I now understand what you mean.

I think usage of 

[ACCESS::user getsid $user_key]
with password hash is as secure as usage of session cookie.

there is the same security issue if the account is locked after the user signed on logon page.

the irule does not use username and password to authenticate but as a fingerprint to be sure this is the same user as the previous session, and reuse the same session, like session cookie does.

that's why I was thinking about insert client ip in the fingerprint as in exchange irule.