NimbostratusWe have a web server with SSO Kerberos configured. Windows client can easily brows then web site and SSO works fine, however, MAC book and IPad user receives HTTP 401. I'd like to create a iRules to insert a dummy token into the HTTP header so MAC Book user and IPad users revive login page instead of HTTP 401 and manually enter username and password.
Any clue would be highly appreciated.
Thanks,
NimbostratusPerhaps consider using the APM module to present a form-based logon to your clients that fail Kerberos. APM will use delegation to go and get a Kerbers ticket for your users, and proxy them onto the protected app. This way you still get AAA without compromising your security.
This article steps you through the concepts and configuration
https://devcentral.f5.com/articles/apm-cookbook-single-sign-on-sso-using-kerberos
If you -really- wanted to make a bad security decision, you could use an iRule to check for an OSX/Ipad user-agent header, and set the Kerberos header.