AltostratusUser authentication for non-http traffic
Hello,
I’m an IAM architect, not BigIP expert, and I’m wondering if BigIP LTM/APM has the capabilities to support the use case described below.
It’s about non-HTTP protocol, more precisely DICOM protocol. So all the nice token based solutions, stateless security enforcement that I'm used to with HTTP do not work here.
We want to control network access between DICOM client application running on workstations (managed windows 10 running Edge Client) and the DICOM servers. Access control should be based on both workstation security controls (authentication, security posture) and end user authentication. If successful, network access should be allowed. Whether user authentication had to happen upfront, before starting the DICOM client, or just in time when TCP connection is initiated is interesting to know, as well as user experience. User authentication is to be integrated with an IdP, based on standard federation protocols (OIDC or SAML). Once traffic is allowed, security session must be monitored and closed in case of inactivity or client application termination / logout.
Thanks for reading so far!
Any feedback, ideas, clue on how to achieve that if possible will be appreciated.
