Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

APM authentication only for some urls

vmunier_96939
Nimbostratus
Nimbostratus

‎23-Oct-2013 04:44

Hi, I have one virtual server defined in LTM. (https://webmail.mycompgny.com) I would like to use APM to authenticate users accessing to my virtual server, but only for some URLs (https://webmail.mycompgny.com/EspacePersonnel/....). Others url must be accessible whitout authentication. I don't know really how to do that. I have tried to insert an access policy agent event to set a custom session variable based on the requested uri:

 

0691T000006ApQ7QAK.jpg

 

For this irules event, i have defined 2 branches: if Needauthentication ==0 so final action is ALLOW (no authentication): 0691T000006ApQ8QAK.jpg

 

The problem i see is the HTTP::uri in ACCESS_POLICY_AGENT_EVENT is "/renderer/agent_irule_event_form.eui" and not the original requested uri. Is it possible to retrieve the original requested uri from an ACCESS_POLICY_AGENT_EVENT ?

 

Maybe there is another method to do that? I would kike to avoid create another webservice only for unauthenticated url. If you have any idea? Thanks .

 

Labels:
0 Kudos
5 REPLIES 5

vmunier_96939
Nimbostratus
Nimbostratus

‎23-Oct-2013 05:26

Hi, I have just find the variable {session.server.landinguri} so i can't now check the requested url to redirect or no to the external logon page. But a have a second problem: If the first requested url is "public" (not a protected url), i am allowed to acces it (it's good) but i'm also allowed for all the next requested url, even those in the protected folder (/EspacePersonnel/...)... I think I really have not used the right way to do it...
0 Kudos

Matt_Dierick
F5 Employee
F5 Employee

‎23-Oct-2013 10:33

Hi, there is a box LandingURI, simpler than an irule, and you can set the right authentication steps just after. For ie, /public --> no auth. Else AD auth.

 

Now, when user is granted, you want to allow only a part of the tree, correct ? In that case, you need to set ACL and assign ACL to the right branch.

 

By default, when APM session is granted, all resources are allowed. You need to set ACL L7.

 

En espérant que cela vous aide 😉

 

Matt

 

0 Kudos

vmunier_96939
Nimbostratus
Nimbostratus

‎24-Oct-2013 00:04

Hi Matt, Thanks you for your advices. I'll try it. I have also find another way to authenticate the user only for some urls: with an very simple irules linked to my web service: when HTTP_REQUEST {

 

Authenticate only for the /private folder:

if {[HTTP::path] starts_with "/private"} { ACCESS::enable } else { ACCESS::disable } } It's working good for my needs.

 

0 Kudos

Hen_Sirawy
Nimbostratus
Nimbostratus

‎08-Jan-2020 00:24

How can I set it?

I want to disable authentication for a specific url.

0 Kudos

Abed_AL-R
Cirrostratus
Cirrostratus

‎10-Dec-2020 01:12

Has anyone tried this on OWA iapp template 1.6.2 when its working with APM access policy?

0 Kudos
Copyright © 2023 Khoros, LLC