APM SSO for a downstream forward proxy
Does anyone know a way to make APM SSO work when presented with 407 pages?
I have a requirement to put APM in front of a 3rd party forward proxy server with APM. The proxy only supports authentication via NTLM via a 407 page and NTLM. For a bunch of reasons, I'd like to be able to have users log on once to APM via a form, then when they want to access resources via this proxy have the APM respond to the 407 on their behalf. APM SSO seems to respond fine to 401 messages, but not 407.
I'm sure that if it was basic auth instead of NTLM in the 407, then I could put together an iRule that built a proxy authorisation header out of session variables. But that would involve sending credentials in the clear. So I'd much prefer to use NTLM.
All ideas warmly appreciated.