Topic
4 replies Latest Post - ‏2012-12-05T20:42:22Z by Nivast
Nivast
Nivast
25 Posts
ACCEPTED ANSWER

Pinned topic DataPower suggetion needed.

‏2012-12-04T20:24:58Z |
We have XB60 and XI50.

1.External users will access the service through XB60 and internal users will access same service through internally.
2.External users will do the authentication on XB60 and internal users will do the authentication on XI50 but how to avoid authentication in xi50 for the external users whoever coming from the XB60.

externaluser->XB60->XI50->backend same rule.
Internaluser->XI50->backend.

Please provide me if you have any samples and suggestions.
Updated on 2012-12-05T20:42:22Z at 2012-12-05T20:42:22Z by Nivast
  • swlinn
    swlinn
    1344 Posts
    ACCEPTED ANSWER

    Re: DataPower suggetion needed.

    ‏2012-12-05T10:58:17Z  in response to Nivast
    You can provide information in the HTTP header for external users and then do a conditional action in the XI-50 that will only do authentication (I assume a AAA action) only for non external users. You'll need a simple transformation that will take this request header info and place it into a output context that can be used as input to your conditional action.

    Regards,
    Steve
    • Nivast
      Nivast
      25 Posts
      ACCEPTED ANSWER

      Re: DataPower suggetion needed.

      ‏2012-12-05T18:58:52Z  in response to swlinn
      Thanks Steve.

      I will try it.
      • SystemAdmin
        SystemAdmin
        6772 Posts
        ACCEPTED ANSWER

        Re: DataPower suggetion needed.

        ‏2012-12-05T19:32:38Z  in response to Nivast
        Hi,

        I would add a wrapper MPGW

        externalUser->XB60->XI50 ( on port x) {do something or Nothing} -> XI50 mainFlow
        internalUser ->XI50(on port y) { Authenticate } -> XI50 mainFlow.

        This way decoupling the mainFlow from authentication will help in future as well, if you want to change/add something.

        If you do not want that - then check the IP of incoming request and if it from XB60 - avoid authentication if not authenticate.
        • Nivast
          Nivast
          25 Posts
          ACCEPTED ANSWER

          Re: DataPower suggetion needed.

          ‏2012-12-05T20:42:22Z  in response to SystemAdmin
          Thanks for the response.
          If you do not want that - then check the IP of incoming request and if it from XB60 - avoid authentication if not authenticate.

          This is what exactly i am trying to do but not sure how to do?is there any sample code?