Forum Discussion
Hi kj07208,
You can use HTTP_REQUEST in an iRule to add the clientless-mode header depending on user-agent. You can use ACCESS_SESSION_STARTED to add a custom variable to the policy that indicates the type of access you're receiving (browser vs non-browser).
The access policy would need to contain an empty box with 2 branches, based on expressions with mcget to evaluate the contents of your custom variable.
If browser, you could present a logon page or send a 401 response to collect credentials. If non-browser, you could send a 401 response to collect credentials. The 401 Response-thingy is a block in the visual policy editor. Once passed, it will fill out session.logon.last.username and session.logon.last.password (the password only if the auth supports it: Basic does, NTLM/Kerberos do not) for you. After the 401 you set an SSO Credential Mapping object, then the SAML auth or something else.
This will give you 2 branches: one for browsers, one for non-browsers. The policy actions could very well be the same, but with a normal browser you probably have the option of also using the integrated authentication mechanisms such as NTLM and Kerberos, or simply a logon page.
I'm not sure I'm making any sense to you, but by any means, feel free to tell me if I don't :D
Kind regards,
Thomas