Forum Discussion
Stanislas_Piro2
Nov 01, 2018Cumulonimbus
You can find this code in a previous thread
when HTTP_REQUEST {
store the host header for the initial /start_policy redirect
set uri [HTTP::uri]
set logout_req 0
set apm_cookie [HTTP::cookie value MRHSession]
if { ( [ACCESS::session exists -state_allow $apm_cookie] ) \
or ( [HTTP::uri] starts_with "/my.policy" ) } {
initial redirect to /my.policy (starts access policy evaluation) - or a normal post-policy request
set apm_req 1
return
} elseif { ( [HTTP::uri] starts_with "/start_policy" ) } {
initial redirect to /start_policy (starts access policy evaluation)
Remove the not established previous sessions
ACCESS::session remove
ACCESS::session create -timeout 1800 -lifetime 0
ACCESS::session data set session.server.landinguri [findstr [HTTP::uri] "/start_policy?url=" 18]
set apm_req 1
return
} else {
APM session disabled until logon process is started
ACCESS::disable
set apm_req 0
return
}
}
when ACCESS_SESSION_STARTED {
store the initial (redirect URI) until it's needed
ACCESS::session data set session.server.landinguri [findstr [HTTP::uri] "/start_policy?url" 18]
}
when HTTP_RESPONSE {
log local0. "apm_req was $apm_req"
capture the redirect to authenticate
if { ([HTTP::status] eq "401") and ($apm_req eq 0) } {
initiate access policy processing
log local0. "apm_req was $apm_req so redirecting"
HTTP::respond 302 Location "/start_policy?url=$uri"
}
}