Help
CodeShare
Have some code. Share some code.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

APM Kerberos Auth or fallback to another authentication method

Niels_van_Sluis
MVP
MVP

‎18-Nov-2019 07:11 - edited ‎26-Oct-2023 07:14

Problem this snippet solves:

This iRule can be used when it is required to offer both Kerberos authentication and for example SAML or another authentication method in a mixed environment for devices that are domain joined and devices that are not domain joined. This iRule uses javascript and HTML5 Web Workers to determine if the browser can successfully authenticate by using Kerberos or will need to fallback to another authentication method.

 

I've been testing this iRule with Internet Explorer, Edge, Firefox and Chrome. All these browsers seem to be working fine. Only Chrome seems to do things a bit differently and is showing a login prompt for a split second, but it's working.

How to use this snippet:

The screenshot below shows an example of an Access Policy that uses either Kerberos or SAML authentication.

 

0151T000003lEA4QAM.png

The first agent in the policy is an 'Empty Agent' which will read the session.custom.domainjoined variable to determine which authentication method to use. The session.custom.domainjoined variable is set by the kerberos_auth_or_fallback_auth iRule.

 

0151T000003lEA9QAM.png

Tested this on version:

13.0

Link to iRule

https://github.com/nvansluis/f5.kerberos_auth_or_fallback_auth 

Version history
Last update:
‎26-Oct-2023 07:14
Updated by:
MVP
Contributors
Copyright © 2023 Khoros, LLC