Manual Chapter : Configuring URL branching for step-up authentication
Applies To:Show Versions
- 15.1.2, 15.1.1, 15.1.0
Configuring URL branching for step-up
Add a URL branching agent to a per-request policy or to a per-request policy subroutine to create simple branching rules based on URLs. You might use URL branching to run different types of step-up authentication for different URLs or to skip step-up authentication altogether for a group of URLs.
- Open the per-request policy for editing.
- To edit a per-request policy subroutine, expand it.
- In the per-request policy or in the per-request policy subroutine, in the branch where you want to add URL branching, click [+].The Add Item popup screen opens.
- On the Classification tab, selectURL Branchingand clickAdd Item.The Properties screen opens.
- Click the Branch Rules tab.The screen displays the default rule,Allow, and the expression,URL contains: domain.com.
- If you do not want a rule that matches a URL substring, delete the default rule; (clickx).The URL Branching agent can be configured to exactly match a URL, or to match a substring or a prefix or a suffix in a URL, or to perform glob pattern matching on a URL.
- If you want to replace the value (domain.com) in the default rule:You can use AND and OR operators to configure expressions for your rules. For simplicity of illustration, the examples do not include these operators.
- Click thechangelink.An additional popup screen opens.
- In theURL containsfield, deletedomain.com, and type the substring that you want to match.
- ClickFinished.The popup screen closes.
- If you have no more changes to make, clickSave.
- To add a rule, clickAdd Branch Rule.
- In theNamefield, replace the default nameBranch Rulenumberwith a name for the branch.
- ForExpression: Empty, click thechangelink.A popup screen opens.
- ClickAdd Expression.Fields with default values display.
- For theAgent Selfield, select or retainURL Branching.
- ForCondition, select one from the list.When you select a condition, a related input field displays.
- ForConditionEqualsin theURL isfield, type the URL that you want to exactly match.
- ForConditionSubstringin theURL containsfield, type the string that you want to match.
- ForConditionPrefix Matchin theURL begins withfield, type the prefix that you want to match.
- ForConditionSuffix Matchin theURL ends withfield, type the suffix that you want to match.
- ForConditionGlob Matchin theURL glob patternfield, type the globbing pattern that you want to match.URL branching supports these globbing patterns:
- *Matches any number of characters (none or one or more).
- ?Matches a single character in these sets: [a-z] or [0-9] or [A-Za-z].
- [characters]Matches one of the specified characters.
- [^characters]Matches any characters except for those specified.
- [!characters]Matches any characters except for those specified.
- ClickAdd Expression, then clickFinished.The popup screen closes; the updated expression displays on the Branch Rules screen.
- ClickSave.The popup screen closes; the visual policy editor displays.
The per-request policy or subroutine includes URL branching.
After the URL branch, you can add step-up authentication if that's what you are trying to do. In a per-request policy, you can insert a call to a subroutine after a URL branch. Or, in a subroutine, you can insert an authentication agent after a URL branch. Make sure to add the per-session and per-request policies to the virtual server.