APM Sharepoint authentication
Problem this snippet solves: Updated version to support Webdav with windows explorer after Nicolas's comment.
APM is a great authentication service but it does it only with forms.
The default be...
Published Apr 20, 2016
Version 1.0
Stanislas_Piro2
Cumulonimbus
CumulonimbusStanislas_Piro2Cumulonimbus
Cumulonimbus
Kai_Wilke
MVP
MVPHi Stanislas,
Line 11-13: Personally I would make the setting independent of the APM profile configuration. This would allow to distinct between regular browser and MSOFBA clients (not restricted) and clientless access (Single-IP restricted). Furthermore I would recoment to always use the Single-IP mode for clientless access to reduce the security risks associated with the
[ACCESS::user getsid $user_key]Line 51: Okay, I got the intention behind. Maybe you should issue a
if { [catch {HTTP::payload replace 0 0 {}}] } then { return }HTTP_REQUESTHTTP_RESPONSELine 135-137: Also tested on TMOS v12.0 and it has worked like a charm for me.
Additional Note: I've identified a problem within the MSOFBA authentication. If the APM session of an MSOFBA client is removed (e.g. session timeout) the MSOFBA client will not be able to re-authenticate using MSOFBA a second time. Only a fresh persistent cookie will allow him to save pending document changes, which is unfortunately not very intuitive for the end user. I've already developed a mechanism to restore/create a minimalistic APM session on-the-fly based on selected session meta-data (e.g. Username, Language-Settings, SSO settings) utilizing an AES encrypted
MRHSession_RCheers, Kai