Topic
  • 4 replies
  • Latest Post - ‏2012-12-05T20:42:22Z by Nivast
Nivast
Nivast
25 Posts

Pinned topic DataPower suggetion needed.

‏2012-12-04T20:24:58Z |
We have XB60 and XI50.

1.External users will access the service through XB60 and internal users will access same service through internally.
2.External users will do the authentication on XB60 and internal users will do the authentication on XI50 but how to avoid authentication in xi50 for the external users whoever coming from the XB60.

externaluser->XB60->XI50->backend same rule.
Internaluser->XI50->backend.

Please provide me if you have any samples and suggestions.
Updated on 2012-12-05T20:42:22Z at 2012-12-05T20:42:22Z by Nivast
  • swlinn
    swlinn
    1348 Posts

    Re: DataPower suggetion needed.

    ‏2012-12-05T10:58:17Z  
    You can provide information in the HTTP header for external users and then do a conditional action in the XI-50 that will only do authentication (I assume a AAA action) only for non external users. You'll need a simple transformation that will take this request header info and place it into a output context that can be used as input to your conditional action.

    Regards,
    Steve
  • Nivast
    Nivast
    25 Posts

    Re: DataPower suggetion needed.

    ‏2012-12-05T18:58:52Z  
    • swlinn
    • ‏2012-12-05T10:58:17Z
    You can provide information in the HTTP header for external users and then do a conditional action in the XI-50 that will only do authentication (I assume a AAA action) only for non external users. You'll need a simple transformation that will take this request header info and place it into a output context that can be used as input to your conditional action.

    Regards,
    Steve
    Thanks Steve.

    I will try it.
  • SystemAdmin
    SystemAdmin
    6772 Posts

    Re: DataPower suggetion needed.

    ‏2012-12-05T19:32:38Z  
    • Nivast
    • ‏2012-12-05T18:58:52Z
    Thanks Steve.

    I will try it.
    Hi,

    I would add a wrapper MPGW

    externalUser->XB60->XI50 ( on port x) {do something or Nothing} -> XI50 mainFlow
    internalUser ->XI50(on port y) { Authenticate } -> XI50 mainFlow.

    This way decoupling the mainFlow from authentication will help in future as well, if you want to change/add something.

    If you do not want that - then check the IP of incoming request and if it from XB60 - avoid authentication if not authenticate.
  • Nivast
    Nivast
    25 Posts

    Re: DataPower suggetion needed.

    ‏2012-12-05T20:42:22Z  
    Hi,

    I would add a wrapper MPGW

    externalUser->XB60->XI50 ( on port x) {do something or Nothing} -> XI50 mainFlow
    internalUser ->XI50(on port y) { Authenticate } -> XI50 mainFlow.

    This way decoupling the mainFlow from authentication will help in future as well, if you want to change/add something.

    If you do not want that - then check the IP of incoming request and if it from XB60 - avoid authentication if not authenticate.
    Thanks for the response.
    If you do not want that - then check the IP of incoming request and if it from XB60 - avoid authentication if not authenticate.

    This is what exactly i am trying to do but not sure how to do?is there any sample code?