Forum Discussion

uni
Sep 10, 2015

Basic auth to authenticate against AD

Can I use APM to request basic auth for a virtual server, and have the credentials authenticated against AD? The pool member server has no authentication.

 

I've seen Kevin's article https://devcentral.f5.com/articles/configuring-apm-client-side-ntlm-authentication, but need to be able to offer basic auth to the client.

 

I've seen a couple of articles which allude to this ability, but don't provide enough info for me to implement.

 

1 Reply

  • Hi,

    • Basic Auth is supported by APM and provides username / password
    • AD Auth is supported by APM, which requires username / password

    So Basic Auth against AD is supported.

    Basic auth can be activated in 2 modes:

    • Default behavior of APM:
      • redirect user to /my.policy
      • request 401 authentication
      • authenticate provided credentials against authentication server
      • redirect user to Landing URI
    • Clientless mode:
      • request 401 authentication within an iRule
      • authenticate provided credentials against authentication server
      • allow user if authenticated

    Clientless mode has some limitations:

    • POSTs are limited to 64KB (extendable to 25MB)
    • not available without an iRule

    You can use the following iRule to use clientless mode:

    when RULE_INIT {
        # Realm text shown in the client's Basic authentication prompt
        set static::Basic_Realm_Text "Web Services Authentication"
    }

    when HTTP_REQUEST {
        # Check whether the request carries an MRHSession cookie for a session in the allow state
        set apmsessionid [HTTP::cookie value MRHSession]
        if { [HTTP::cookie exists "MRHSession"] } {
            set apmstatus [ACCESS::session exists -state_allow $apmsessionid]
        } else {
            set apmstatus 0
        }
        if { !($apmstatus) } {
            # Insert clientless-mode header to start APM in clientless mode
            if { [catch {HTTP::header insert "clientless-mode" 1}] } {
                log local0. "[IP::client_addr]:[TCP::client_port] : TCL error on HTTP header insert clientless-mode : URL : [HTTP::host][HTTP::path] - Headers : [HTTP::request]"
            }
        }
    }

    when ACCESS_POLICY_COMPLETED {
        # Authentication request for a non-browser user-agent: session denied
        if { ([ACCESS::policy result] equals "deny") } {
            ACCESS::respond 401 noserver WWW-Authenticate "Basic realm=\"$static::Basic_Realm_Text\"" Connection close
            ACCESS::session remove
            return
        }
    }
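
Added example, not part of the reply above and not F5 code: a Python sketch of both ends of the Basic exchange that the clientless-mode iRule drives (401 challenge with the realm, then the client's `Authorization` header), useful for checking what a client should receive and send. The sample response, its reason phrase and all function names are constructed for illustration.

```python
import base64
import re

# Constructed sample of the challenge the iRule's ACCESS::respond 401 call
# sends on a "deny" result (reason phrase and header order are assumptions).
SAMPLE_401 = (
    "HTTP/1.1 401 Unauthorized\r\n"
    'WWW-Authenticate: Basic realm="Web Services Authentication"\r\n'
    "Connection: close\r\n"
    "\r\n"
)

def parse_response(raw):
    """Split a raw HTTP response head into (status, {lowercased header: value})."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def basic_realm(raw):
    """Return the realm if the response is a Basic challenge, else None."""
    status, headers = parse_response(raw)
    m = re.match(r'(?i)basic\s+realm="([^"]*)"', headers.get("www-authenticate", ""))
    return m.group(1) if status == 401 and m else None

def encode_basic(username, password):
    """Build the Authorization value a client sends in reply to the challenge."""
    if ":" in username:
        raise ValueError("username must not contain ':' (RFC 7617)")
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")

def decode_basic(header_value):
    """Recover (username, password) as a server would; None if malformed."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers bad base64 and bad UTF-8
        return None
    # Split on the first colon only: the password itself may contain colons.
    username, sep, password = decoded.partition(":")
    return (username, password) if sep else None
```

The credentials are only base64-encoded, not encrypted, so the virtual server carrying this exchange needs to be HTTPS.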