staylor_128127
Jun 24, 2003Nimbostratus
BigIP with Siteminder and Radius?
We are currently using iPlanet boxes in our DMZ to reverse-proxy back to our Weblogic app servers via Weblogic's iPlanet plug-in. The iPlanets also house the Siteminder plug-in, authenticating users in the DMZ before they reach the Weblogic machines.
We'd like to replace the web servers with BigIPs. In order to do this, we'll need to authenticate users somehow on each BigIP, either against our LDAP servers, or preferably, against our existing Siteminder Policy Server.
Since the Siteminder Policy Server can speak RADIUS, could we use BigIP's RADIUS capability for authentication against the Policy server? If so, can BigIP's RADIUS authentication be controlled through with iRules? For example, if a user fails RADIUS authentication against the Policy server, would it be possible to write an iRule to redirect the user to a login page? What would the iRule(s) look like?
Is BigIP+RADIUS the best replacement for our current iPlanet+Siteminder plugin configuration, or would you recommend another BigIP combination?
Thanks mucho for any ideas you can give!