smart card authentication load balancing

Started by Dario Messina , 17 July 2017 - 08:18 AM
5 replies to this topic

Dario Messina Members

Posted 17 July 2017 - 08:18 AM

Hi,

I want to enable smart card authentication with load balancing. My goal is to obtain client authentication with a smart card when the URL contains /test.php.

I did this:

- Create Server

- Create LB Virtual Server

- Create (in SSL) client_auth_action with Client Authentication enabled

- Create (in SSL) a policy with the expression HTTP.REQ.URL.CONTAINS("/test.php") that uses client_auth_action

- Bind this policy to the LB Virtual Server

When I try to connect to the URL https://example.com/test.php it does not work. I don't see any request on my server.

Where is the problem?

How can I configure the NetScaler to work with client authentication?

Regards,

Dario


Carl Stalhood CTP Member

Posted 17 July 2017 - 12:22 PM

One option is to reconfigure this using content switching. If path contains /test.php, send the request to a LB vServer that has client certificates enabled.

Dario Messina Members

Posted 17 July 2017 - 12:43 PM

I also tried this but it did not work for me.

I configured 2 LBs with the same server, one LB with the SSL policy and the other without the SSL policy, but it did not work.



Carl Stalhood CTP Member

Posted 17 July 2017 - 12:50 PM

On the Content Switch, set SSL Parameters (or SSL Profile) > Client Certificate Authentication to Optional. On the LB vServer, set it to Mandatory.



Dario Messina Members

Posted 17 July 2017 - 01:16 PM

I configured Content Switching with:

  • 2 content switching policies, one if the URL contains test.php and the other if the URL does not contain test.php
    • HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS("test.php")
    • HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS("test.php").NOT
  • for each policy I added an action to redirect to a different load balancer.
    • testphp
    • notestphp
  • configured client_authentication to optional
  • added to the content switch the cert for the site and the CA of my smart card

I configured 2 different LBs with the same server.

In testphp:

  • I added the same cert as Content Switching
  • I configured Client_Authentication to Mandatory
  • I removed SSL_Policy

In notestphp:

  • I added the same cert as Content Switching
  • I did not configure Client_Authentication

When I try to connect to a URL with test.php, I get the same result as for a URL without test.php: I see the page and the smart card does not work (I tried with and without the card and the result is the same).



Dario Messina Members

Posted 21 July 2017 - 12:22 PM

Can someone help me?