Forum Discussion

Madiw_114772's avatar
Madiw_114772
Icon for Nimbostratus rankNimbostratus
May 02, 2014

APM Open a second startup browser after the webtop portal launch

Hello, I'm using a Portal access Webtop to redirect users to the corporate startup page after the access Policy is completed. the issue I'm having with this method is that the APM standard webtop sta...
application delivery
devops
iRules
Madiw_114772's avatar
Madiw_114772
Icon for Nimbostratus rankNimbostratus
May 08, 2014

I tested the iRule and the second browser is still opening even if the account doesn't have the good nsrole value. For testing, I modified the Irule as follow 

when HTTP_REQUEST {
    STREAM::disable
    if { [HTTP::uri] starts_with "/vdesk/webtop.eui?webtop=" } {
        if { [ACCESS::session data get -sid [HTTP::cookie value MRHSession] session.custom.trigger] ne 1 } {
           set nsrole1 "[ACCESS::session data get session.ldap.last.attr.nsrole]"
                log local0. "nsrole1 = $nsrole1"
                if { [ACCESS::session data get -sid [HTTP::cookie value MRHSession] session.ldap.last.attr.nsrole] contains "f5_full" } {
                set catch 1
                ACCESS::session data set -sid [HTTP::cookie value MRHSession] session.custom.trigger 1
            }
        }
    }
    virtual /Cert/MY_test_VS
}
when HTTP_RESPONSE {
    set nsrole "[ACCESS::session data get session.ldap.last.attr.nsrole]"
    log local0. "nsrole = $nsrole"
    if { [info exists catch] } {
        unset catch
        STREAM::expression {@@ @}
        STREAM::enable
    }
}

and logs show nsrole and nsrole1 entries with the trigger not in the attribute but the second browser still open

May  8 14:28:41 fb001 info tmm7[5710]: Rule /Cert/JS_injection_layered_VIP_CERT : nsrole = | cn=cdms_abc_general_consumer,o=abc | cn=cdms_cc_consumer,o=abc | cn=containerdefaulttemplaterole,o=abc | cn=containerdefaulttemplaterole,o=abc.com,o=abc | cn=dn-affiliation management,o=abc | =abc | cn=dn-abcll centres,o=abc | cn=dn-ccma,o=abc | cn=dn-managersunion,o=abc | cn=dn-users,o=abc | cn=elearning,o=abc.com,o=abc | cn=f5_abcllcentre,o=abc | 

May  8 14:28:41 fb001 info tmm2[5710]: Rule /Cert/JS_injection_layered_VIP_CERT : nsrole1 = | cn=cdms_abc_general_consumer,o=abc | cn=cdms_cc_consumer,o=abc | cn=containerdefaulttemplaterole,o=abc | cn=containerdefaulttemplaterole,o=abc.com,o=abc | cn=dn-affiliation management,o=abc | ,o=abc | cn=dn-abcll centres,o=abc | cn=dn-ccma,o=abc | cn=dn-managersunion,o=abc | cn=dn-users,o=abc | cn=elearning,o=abc.com,o=abc | cn=f5_abcllcentre,o=abc |

I'm looking how catch is set to 1 if the condition below is not matched

if { [ACCESS::session data get -sid [HTTP::cookie value MRHSession] session.ldap.last.attr.nsrole] contains "f5_full" }