Forum Discussion
Kevin_Stewart
Sep 30, 2013Employee
Apologies, haven't had a chance to explore some of the more detailed questions. The first, and probably easiest approach is to simply disable the access policy until the user requests a trigger URI. Assign your access policy to the VIP and use an iRule like the following:
when HTTP_REQUEST {
if { not ( [class match [stringt tolower [HTTP::uri]] starts_with my_uri_dg] ) } {
ACCCESS::disable
}
}
The access policy evaluation will only happen once, so once the user triggers it with a special URI request, they'll have a session cookie available for any other special access URIs. Just configure the access policy as you normally would.
I'll be working on the second part of your question Monday morning (switching between Kerberos and form logon).