I have a use case where we want to do client certificate authentication on a Big-IP that is running as a standalone ASM. Once we validate the certificate, we want to have the Big-IP reach out and talk to a web authentication server and grab a token to insert in the HTTP packet to be able to send down to the application. I am trying to figure out the best method to manage all this. My first thought would be to use an iRule and SIDEBANDS to talk to the web server to get the token. I do not have any experience using this though and have pretty much stuck to fairly simple iRules up to this point. I would appreciate any thoughts on this or other ideas on how to accomplish this. We are already using proxy SSL for some other application, but with the restriction to RSA key exchanges only and some other issues it causes us down in the web server tiers, it is not an option we want to pursue going forward.
Mike, did you get anywhere with this? It sounds like a similar dilemma that I've come across and am looking to design a solution around.
Hello Mike, Sideband is definitely the right direction. If you provide some info on the authentication API, I can help you craft the request and parse the response.
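
The sideband approach discussed in this thread, as an added example that is not part of any post above. The thread does not describe the authentication API, so the token service address, the `/token?subject=` request, the plain-text response body, the `Host` value and the `X-Auth-Token` header name are all assumptions made for illustration.

```tcl
# Added example, not code from the thread. Constructed assumptions:
#   - token service reachable at 192.0.2.10:8080 (placeholder address)
#   - GET /token?subject=<DN> returns the token as a plain-text body
#   - the application reads the token from X-Auth-Token
#   - the client SSL profile requests or requires a client certificate
when HTTP_REQUEST {
    # Drop any token header the client sent so it cannot be spoofed.
    HTTP::header remove "X-Auth-Token"

    # Fail closed unless a certificate was presented and verified.
    if { [SSL::cert count] == 0 || [SSL::verify_result] != 0 } {
        HTTP::respond 403 content "Client certificate required"
        return
    }
    set subject [X509::subject [SSL::cert 0]]

    # Open the sideband connection to the token service.
    set conn [connect -timeout 1000 -idle 5 -status conn_status 192.0.2.10:8080]
    if { $conn eq "" } {
        log local0.error "token sideband connect failed: $conn_status"
        HTTP::respond 503 content "Authentication service unavailable"
        return
    }

    # HTTP/1.0 with Connection: close keeps the response unchunked.
    set req "GET /token?subject=[URI::encode $subject] HTTP/1.0\r\n"
    append req "Host: auth.example.internal\r\nConnection: close\r\n\r\n"
    send -timeout 1000 -status send_status $conn $req
    # A single recv returns what has arrived; a short response is assumed
    # to fit in one read.
    set resp [recv -timeout 2000 -status recv_status $conn]
    close $conn

    # Accept only a 200 response with a single-line, non-empty body.
    set token ""
    set body_at [string first "\r\n\r\n" $resp]
    if { [string match "HTTP/1.? 200*" $resp] && $body_at >= 0 } {
        set token [string trim [string range $resp [expr {$body_at + 4}] end]]
    }
    if { $token eq "" || [regexp {[\r\n]} $token] } {
        log local0.error "token request failed for $subject (recv: $recv_status)"
        HTTP::respond 503 content "Authentication service unavailable"
        return
    }
    HTTP::header insert "X-Auth-Token" $token
}
```

Sideband connections are plain TCP, so the placeholder address is assumed to be an internal virtual server that applies a server SSL profile toward the real token service.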