APM Issue Injecting New Authorization Header
I have a policy that uses an Active Directory Authentication, then an Active Directory Query for client authorization. The server side is "dumb." It uses basic auth for authentication. So I inject a new authorization header using variable assign. This allows us to authenticate many users on the client side, while keeping the server side "dumb."
session.logon.last.username = set username "new-username"
session.logon.last.password = set password "new-password"
I have a problem where I need to switch over to LDAP instead of Active Directory. The problem is that even though the
session.logon.last.username
and session.logon.last.password
get updated, it doesn't pass the new credentials to the back end...it still uses the original credentials.
Why would it work in the case of AD, but not LDAP? Authentication is done at that point, and it just needs to pass the new header to the backend. The logs show the new credentials are present, yet the old ones are still passed.
Here is my LDAP policy:
*Tested on both BIG-IP 11.5.2 Build 1.0.169 Hotfix HF1, and BIG-IP 11.6.0 Build 4.0.420 Hotfix HF4, with the same result.