Forum Discussion
Tom_Anderson_91
Dec 11, 2009Nimbostratus
We use some iRule magic to make the multiple authentication profiles happen. First off we specify both the authentication profiles in the VIP configuration. Each authentication profile is tied to an iRule which looks as follows (the AUTH start is different based on the auth profile used). As you'll see this ensures the iRule only executes with a matching URL. The other iRule (tied to the other auth profile) contains the /b- URL search.
Provides authentication for URLs containing a-.
when HTTP_REQUEST {
if {[HTTP::path] contains "/a-"} {
set tmm_auth_ldap_sid [AUTH::start pam ldaps-staffonly]
AUTH::username_credential $tmm_auth_ldap_sid [HTTP::username]
AUTH::password_credential $tmm_auth_ldap_sid [HTTP::password]
AUTH::authenticate $tmm_auth_ldap_sid
HTTP::collect
}
}
when AUTH_SUCCESS {
if {$tmm_auth_ldap_sid eq [AUTH::last_event_session_id]} {
HTTP::release
}
}
when AUTH_FAILURE {
if {$tmm_auth_ldap_sid eq [AUTH::last_event_session_id]} {
HTTP::respond 401
}
}
when AUTH_WANTCREDENTIAL {
if {$tmm_auth_ldap_sid eq [AUTH::last_event_session_id]} {
HTTP::respond 401
}
}
when AUTH_ERROR {
if {$tmm_auth_ldap_sid eq [AUTH::last_event_session_id]} {
HTTP::respond 401
}
}