Forum Discussion
Kai_Wilke
Apr 03, 2019MVP
Hi Tony,
APM supports a clientless-mode to allow transparent authentication (without triggering the HTTP redirect to /my.policy). You may check out APM Operations Guide and search for "Clientless mode" to get an overview of this feature...
BIG-IP APM Operations Guide
Keep in mind that APMs clientless-mode still depends on a APM session cookie, to authenticate subsequent requests after authentication. In client-less mode the cookie will be issued on the very first application server response.
If your user-agent does not support cookies, you have to develop an
[ACCESS::user]
based iRule in front of APM, that uses certain certificate information as the session.user.uuid
value to locate existing APM sessions for the currently connected user and to finally inject the APM session cookie to the ongoing request.
Wiki: ACCESS::user
https://devcentral.f5.com/wiki/iRules.ACCESS__user.ashx
Cheers, Kai