Hello, I'm trying to get SSL Offloading to work with an new web-app we're bringing online. It's meant to run over http between client and server. If i configure STM Virtual server as port 80, it works fine. Main page displays, user can enter credentials to login or hit the "Use Windows Credentials" button. I'm trying to get this to work properly with SSL Offloading. When i enable SSL Offloading, I have to use an HTTP response rule to re-write the returned content to call all https URLs. I use this rule for that: #$url = http.getResponseHeader( "Content-Type" ); #if( !string.startsWith( $url, "text/html" ) ) break; $response = http.getResponseBody ( ) ; $response = string.replaceAll ( $response , " http://server.domain.org/ " , " https://server.domain.org/ " ) ; http.setResponseBody ( $response ) ; Yes, I have the sanity check commented out. The main login page calls some .ashx files that dont have the content type in them so they aren't re-written. Even more stuff breaks then. The problem I'm seeing is that even though I get the login page to load over SSL now, there are no mixed-content security issues or cert issues, I cannot login. My credentials no longer work to access the app. I cannot manually enter credentials nor does the "Use Windows Credentials" work. Of note, when I use windows credentials via HTTPS, i see my machine doing a kerberose authentication to AD. When over HTTP, I do not see this same transaction. It would appear i'm athenticating to AD properly, because I can do it repeatedly and my AD account will not lock out. Has anyone dealt with anything similar and gotten it to work? Thanks in advance.
... View more