Forum Discussion

jdewing's avatar
jdewing
Icon for Cirrus rankCirrus
Sep 14, 2018

Using Clientless Mode with smartcard

I have a VIP configured with an APM policy for smartcard authentication. Users can authenticate using their smartcard with no issue, however they also want to use a software called TortoiseSVN to use same authentication process with smartcard. TortoiseSVN does not support cookies, therefore it will not be able to use MRHSession cookie for their session. From what I understand is that I should be able to use iRULE to insert the clientless-mode behavior to avoid using MRHSession cookie. No Luck!

 

when HTTP_REQUEST { HTTP::header insert "clientless-mode" 1 }

 

I tried many ways, using on-demand CERT auth and client cert inspection.

 

TortoiseSVN will keep requesting new sessions with 302 redirect back to /my.policy and tried again. The log showing “User need Input”. User will not get prompted for smartcard Certificate to enter their PIN number.

 

I was hoping maybe, we can use browser first to authenticated, and then use TortoiseSVN client to use the same session but the software client will just create another session.

 

Any suggestions will be much appreciated.

 

APM
application delivery
iRules

1 Reply

Sort By
  • Yann_Desmarest's avatar
    Yann_Desmarest
    Icon for Cirrus rankCirrus
    Sep 28, 2018

    Hi,

     

    Clientless mode is made to bypass interactive actions. In your scenario, APM policy is not mandatory. You can simply use Client Certificate Authentication on the clientssl profile.

     

    Anyway, On-demand Cert Auth will not work in clientless mode. Desktop client and browser doesn't share sessions (cookies) so you have no change to share sessions between software.

     

    You can instead use the Browser to authenticate the user. And an irule to then identify that the Client IP already authenticated.

     

    Regards

     

    Yann