Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Different auth type per path/user-agent/header?

Ricardo_Duarte
Altostratus
Altostratus

‎08-Nov-2020 11:36

Hi,

 

Is there a way to force different authentication methods for different paths under the same VS?

Or do the same, but per user-agent? Say SAML for Browsers, NTLM for everything else.

I can't see anything under the policy builder, so maybe irules can do it somehow?

(I don't want to use per-request policies, if possible)

 

Thanks

 

Labels:
0 Kudos
4 REPLIES 4

PeteWhite
F5 Employee
F5 Employee

‎09-Nov-2020 07:15

APM has this in the VPE as a client side check ( client Type and Client OS ), or you can check the landing URI to do different auth for the different paths.

0 Kudos

Ricardo_Duarte
Altostratus
Altostratus

‎14-Nov-2020 12:21

VPE will not work for me.

I want to do something similar to what the "Exchange Profile" does: /activesync is basic ; /mapi is ntlm ; owa is web auth, etc.

But I can't match paths/urls on per-session requests... At least I cant find a way to do it.

0 Kudos

Ricardo_Duarte
Altostratus
Altostratus

‎15-Nov-2020 03:21

Would this be a good option?

 

  • Create a Standard VS with the VIP
  • Then create multiple Internal VS with the same pool servers but different APM policies
  • Then route to the internal VS from the Standard VIP with iRules

 

0 Kudos

PeteWhite
F5 Employee
F5 Employee
In response to Ricardo_Duarte

‎16-Nov-2020 02:17

Hi Ricardo, Yes, it would – or you can use the landing URI session variable within a policy.
0 Kudos
Copyright © 2023 Khoros, LLC