CirrostratusI have some legacy, API type, clients that supply an HTTP Authorization header as part of their initial request. In this manner, the server does not reply with a 401 since the header is offered per-emptivly.
Is there a way to capture this information and perform an SSO against a backend application without sending a client redirect to /my.policy?
Employeeyes but with a small irule. you need to add a specific headed which will tell the apm module that the session is not interactive.
when HTTP_REQUEST {
HTTP::header insert "clientless-mode" 1
}
in this case the APM will not redirect the user, but you will have by yourself in the irule to look for authentication information, decode it and assign it to APM variable. this can be done by adding a irule event aggent in the VPE, and set the session.logon.last.username and pasword in the irule event.
CirrostratusPerfect, I will try this out. I wonder why this header is mentioned no where in the product documentation.
CirrostratusThis is a helpful answer now that I know about this option:
https://devcentral.f5.com/questions/apm-clientless-mode