cancel
Showing results for 
Search instead for 
Did you mean: 

Different auth type per path/user-agent/header?

Ricardo_Duarte
Altostratus
Altostratus

Hi,

 

Is there a way to force different authentication methods for different paths under the same VS?

Or do the same, but per user-agent? Say SAML for Browsers, NTLM for everything else.

I can't see anything under the policy builder, so maybe irules can do it somehow?

(I don't want to use per-request policies, if possible)

 

Thanks

 

4 REPLIES 4

PeteWhite
F5 Employee
F5 Employee

APM has this in the VPE as a client side check ( client Type and Client OS ), or you can check the landing URI to do different auth for the different paths.

Ricardo_Duarte
Altostratus
Altostratus

VPE will not work for me.

I want to do something similar to what the "Exchange Profile" does: /activesync is basic ; /mapi is ntlm ; owa is web auth, etc.

But I can't match paths/urls on per-session requests... At least I cant find a way to do it.

Ricardo_Duarte
Altostratus
Altostratus

Would this be a good option?

 

  • Create a Standard VS with the VIP
  • Then create multiple Internal VS with the same pool servers but different APM policies
  • Then route to the internal VS from the Standard VIP with iRules

 

Hi Ricardo, Yes, it would – or you can use the landing URI session variable within a policy.