Forum Discussion

staylor_128127's avatar
staylor_128127
Icon for Nimbostratus rankNimbostratus
Jun 24, 2003

BigIP with Siteminder and Radius?

We are currently using iPlanet boxes in our DMZ to reverse-proxy back to our Weblogic app servers via Weblogic's iPlanet plug-in. The iPlanets also house the Siteminder plug-in, authenticating users in the DMZ before they reach the Weblogic machines.

 

 

We'd like to replace the web servers with BigIPs. In order to do this, we'll need to authenticate users somehow on each BigIP, either against our LDAP servers, or preferably, against our existing Siteminder Policy Server.

 

 

Since the Siteminder Policy Server can speak RADIUS, could we use BigIP's RADIUS capability for authentication against the Policy server? If so, can BigIP's RADIUS authentication be controlled through with iRules? For example, if a user fails RADIUS authentication against the Policy server, would it be possible to write an iRule to redirect the user to a login page? What would the iRule(s) look like?

 

 

Is BigIP+RADIUS the best replacement for our current iPlanet+Siteminder plugin configuration, or would you recommend another BigIP combination?

 

 

Thanks mucho for any ideas you can give!
dev
devops
iControl
v4

1 Reply

Sort By
  • Joe_Pruitt's avatar
    Joe_Pruitt
    Jun 24, 2003
    BIG-IP does handle remote RADIUS authentication but I believe that you are not able to do what you want with iRules.

     

     

    We can help you with programming issues here at DevCentral, but for questions like this one that concern BIG-IP and it's configuration in the network, we recommend you contact our Technical Support group where you will receive more detailed answers and recommendations on product solutions.

     

     

    F5 Technical Support

     

    Email: support@f5.com

     

    Phone: 206-272-6888

     

    AskF5: http://tech.f5.com/

     

     

    -Joe