APM SSO for a downstream forward proxy

Question

Does anyone know a way to make APM SSO work when presented with 407 pages?    &nbsp;
I have a requirement to put APM in front of a 3rd party forward proxy server with APM.   The proxy only supports authentication via NTLM via a 407 page and NTLM.    For a bunch of reasons, I'd like to be able to have users log on once to APM via a form, then when they want to access resources via this proxy have the APM respond to the 407 on their behalf.    APM SSO seems to respond fine to 401 messages, but not 407.&nbsp;
I'm sure that if it was basic auth instead of NTLM in the 407, then I could put together an iRule that built a proxy authorisation header out of session variables.   But that would involve sending credentials in the clear.   So I'd much prefer to use NTLM.  &nbsp;
All ideas warmly appreciated.&nbsp;

kevin_davies_40 · Answer

Create a virtual, attach an iRule, map 407 responses to 401 responses. Point APM at the virtual, point the virtual at the proxy.&nbsp;
The iRule to map responses would be something similar to this&nbsp;
If there are protocol/payload differences it would be up to you to manage them in the iRule. I am not suggesting this would be simple. Click your heels together and check the RFC behaviour in both cases.&nbsp;

Forum Discussion

APM SSO for a downstream forward proxy

1 Reply

Recent Discussions

F5 terminal - help to run commands - disk space full

vulnerabilities-CVE-2020-16150 & CVE-2013-0169

google autenticator broken barcode

Error while running ansible

ASM instance creation

Related Content

SSL Forward Proxy Explained using Wireshark

SSL Orchestrator Advanced Use Cases: Forward Proxy Authentication

HTTP Forward Proxy - v3.2

Configure the F5 BIG-IP as an Explicit Forward Web Proxy Using LTM

How to tell nginx to use a forward proxy to reach a specific destination