APM AP VPE to value/variable to check and trigger a redirect to logon in case of failed SSO Forms & Auth Failure

Question

Hi,&nbsp;
I am looking for help regarding building a VPE AP workflow that checks a variable/value that would redirect to the Logon page in case User Login Failure? and Assign a WebTop Portal Access resource if User/Pass passes sign-in.&nbsp;
See attached screenshots. The SSO Credentials Mapping is functioning. My various attempts to get the redirect to work are:&nbsp;
session.sso.token.last.username.sso.state&nbsp;
or&nbsp;
use URI path contains: 
"/?returnurl=/" (for Successful Logon Detection Match Value) and "/login/?returnurl=%2f" (for failure)&nbsp;
Also tried using individual iRule(s), the "iRule Event" with "Empty Action" branch rule expression check to assign a trigger value &amp; assign it a session variable ... to no avail.&nbsp;
Please advise on the best way to make this work &amp; what other information I need to provide? Thank in advance!&nbsp;
&nbsp;
&nbsp;
&nbsp;
&nbsp;
&nbsp;

seth_cooper · Answer

Can you setup a AAA object to auth the user before provisioning the Portal webtop?  The request to the backend will not happen until you have hit the "allow" ending on the policy and at that point the evaluation is over.&nbsp;
Your best bet is to authenticate the user and then make your provisioning decisions.&nbsp;
Seth&nbsp;

popica · Answer

Hi Seth,&nbsp;
Thanks for your quick response.&nbsp;
Unfortunately the custom back-end web app does not authenticate user upfront with AD &amp; the application owner is not willing to change this right now.&nbsp;
I guess that leaves us with no solutions right now?&nbsp;
Appreciate your help.
Best - Constantin&nbsp;

popica · Answer

the auth is handled by a DB on the service. No integration to AD at all. different password for AD and the app&nbsp;

seth_cooper · Answer

Constantin,&nbsp;
Could you by chance use the HTTP AAA object?  use the VPE to send a request to the back-end app to auth the user and then send to the portal?&nbsp;
Seth&nbsp;

popica · Answer

I will try your recommendation &amp; keep you posted.
Thanks again!&nbsp;

Forum Discussion

APM AP VPE to value/variable to check and trigger a redirect to logon in case of failed SSO Forms & Auth Failure

7 Replies

Win Big in Vegas: The iRules Contest is back with $5k on the line at AppWorld 2026

Jürgen - February 2026 Featured Member

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

F5 i-series Guests to r-series tenants migration

Block specific URL's in APM

Sizing calculation storage

Upgrading vCMP guest

API Pre-Authentication

Related Content

F5 HTTPS Redirect 2025

Modify APM variable value

Assign cookie value to APM custom variable

Trigger js challenge/Captcha for ip reputation/ip intelligence categories

Leveraging Ansible Rulebooks for Streamlined Event Triggers: Advantages and Benefits

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS