Trying to use an iRule to determine the type of authentication in an Access policy
Currently I have an access policy the uses SAML but I have users that have client applications that only understand NTLM or basic auth. I would like for the access policy and irule to determine the incoming request by user agent if it is browser process as normal to a SAML auth else I need to send the client a authentication protocol that it knows how to handle like basic auth. Also I don't want it redirecting to mypolicy.php that will mess the client up.
iRule
when ACCESS_SESSION_STARTED {
log local0.notice "APM: Received a new session from browser: [ACCESS::session data get "session.user.agent"]"
set useWindowsAuth "0"
set user_agent [ACCESS::session data get "session.user.agent"]
if (user_agent == "Microsoft Office Protocol Discovery") {
set useWindowsAuth "1"
HTTP::header insert "clientless-mode" 1 //I don't want it to redirect to mypolicy.php
? Don't know what to do next?
} }
In the Access policy I don't know where this would have to go? Or would I response with a 401 with the clientless-mode set then in the access check the headers for clientless-mode?
yeah I know that it's kind of hairy but just give it one more shot.