Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 

Using Clientless Mode with smartcard

jdewing
Altocumulus
Altocumulus

I have a VIP configured with an APM policy for smartcard authentication. Users can authenticate using their smartcard with no issue, however they also want to use a software called TortoiseSVN to use same authentication process with smartcard. TortoiseSVN does not support cookies, therefore it will not be able to use MRHSession cookie for their session. From what I understand is that I should be able to use iRULE to insert the clientless-mode behavior to avoid using MRHSession cookie. No Luck!

 

when HTTP_REQUEST { HTTP::header insert "clientless-mode" 1 }

 

I tried many ways, using on-demand CERT auth and client cert inspection.

 

TortoiseSVN will keep requesting new sessions with 302 redirect back to /my.policy and tried again. The log showing “User need Input”. User will not get prompted for smartcard Certificate to enter their PIN number.

 

I was hoping maybe, we can use browser first to authenticated, and then use TortoiseSVN client to use the same session but the software client will just create another session.

 

Any suggestions will be much appreciated.

 

1 REPLY 1

Hi,

 

Clientless mode is made to bypass interactive actions. In your scenario, APM policy is not mandatory. You can simply use Client Certificate Authentication on the clientssl profile.

 

Anyway, On-demand Cert Auth will not work in clientless mode. Desktop client and browser doesn't share sessions (cookies) so you have no change to share sessions between software.

 

You can instead use the Browser to authenticate the user. And an irule to then identify that the Client IP already authenticated.

 

Regards

 

Yann