2 Way SSL and SIDEBANDS usage in iRules

Question

I have a use case where we want to do client certificate authentication on the a Big-IP that is running as a stand alone ASM. Once we validate the certificate we want to have the Big-IP reach out and talk to a web authentication server and grab a token to insert in the HTTP packet to be able to send down to the application. I am trying to figure out the best method to manage all this. My first thought would be to use an iRule and SIDEBANDS to talk to the web server to get the token. I do not have any experience using this though and have pretty much stuck to fairly simple iRules up to this point. I would appreciate any thoughts on this or other ideas on how to accomplish this. We are already using proxy SSL for some other application but with restriction to RSA key exchanges only and some other issues it causes us down in the web server tiers it is not an option we want to pursue going forward.

arnaud_lemaire · Answer

Hello Mike, Sideband is definitively the good direction. if you provide some info on the authentication api i can help you to craft the request and parse the response. &nbsp;

nathe · Answer

Mike, did you get anywhere with this? It sounds like a similar dilemma that I've come across and am looking to design a solution around. &nbsp;

Forum Discussion

2 Way SSL and SIDEBANDS usage in iRules

2 Replies

Recent Discussions

APM OCSP Responder Issues

no available managed rule groups for Israel il-central-1

[ASM] - what is "Browser Challange file" ?

Rewrite uri translation not working

About shun list for L7 DDoS?

Related Content

Simple Sideband - iRule sideband the easy way

iRules LX Sideband Connection

Advanced iRules: Sideband Connections

iRule sideband using HTTP/2

iRules LX Sideband Connection - Handling timeouts