
Son_of_Tom_1379
Jan 23, 2015

APM Multi-Domain Auth Redirect Not Working

Hey All,

I'm attempting to implement multiple domain authentication with APM. I've followed the somewhat fleeting documentation and have come up against some bugs, it would appear.

On 11.5 we can successfully redirect the user to a Primary Authentication URI, authenticate via a logon page (AD/LDAP etc), and be redirected back to the site. At this point we insert some headers and other bits and pieces. The same configuration on 11.6 causes issues.

With 11.6, upon initial redirection to the logon page via the Primary Authentication URI, we receive "Access policy configuration has changed on gateway. Please login again to comply with new access policy configuration". OK... so we click "click here" to open a new session and log in. After the authentication is successful, IE will display "page cannot be displayed", and FF will display "connection reset", as if post login the redirect isn't attempted.

After mucking around a bit I've found this iRule:

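when CLIENT_ACCEPTED {
     # Let HTTP iRule events fire for APM's internal requests as well
     ACCESS::restrict_irule_events disable
}
when HTTP_REQUEST {
     # Send the client back to the site root instead of the errorcode=22 logout page
     if { [HTTP::uri] ends_with "/my.logout.php3?errorcode=22" } {
          HTTP::redirect "/"
     }
}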

That works to get rid of the "Gateway" error upon initial redirection to the login page; however, the redirect still doesn't occur after logging in. I was hesitant to think that it would not interfere with the processing of the access policy, but it didn't appear to have any effect.

The "gateway" error appears to be resolved in a few fixes through many versions excluding 11.6 (from what I've seen), but I cannot find anything on why the redirect doesn't work.

Oliver's Subnet Spot had a very nice article explaining the process, but the process just doesn't seem to work on 11.6. I am presuming that the "gateway" error message and the lack of redirect post login are related.

Hoping somebody can help!

Thanks
