michael_61082
May 08, 2010Nimbostratus
Single Sign On - Cookie + Basic Auth
I am currently using an ISAPI filter, basic authentication, and a cookie to achieve single sign on for a portfolio of web applications/servers. I'd like to be able to cut out the ISAPI filter for ease of maintenance and expanding support across non-IIS web servers.
Has anyone used an iRule to simulate a "forms" based type of authentication over multiple web servers? I am think the iRule could do something like this:
- Check for existence of login cookie
- No cookie - 302 to anonymous login page (SSL)
- User submits login (validate against LDAP) creates two cookies - "login cookie" and "auth cookie" (base64 encoded user/password)
- "login cookie" exists - check for "auth cookie"
- "auth cookie" is appended as WWW-Authenticate
-no "auth cookie", send 401 to client
-on error - 401 to client
Does this seem like something an iRule could do? I am a complete beginner on iRules - any help would be great!!