Forum Discussion
APM Portal Access Rewriting
Hi all,
A customer of ours is using the F5 with APM and a Full Webtop config.
They're using a Full Webtop Portal with Portal Access Resources and Rewriting.
One of the Portal Access is connecting to a Document Management Application (https://backend.com) where the Source IP is allowed for access from the F5.
Now the Backend Provider of the Document Management App has upgraded the Application and integrated a Keycloak IAM. Since then, the included OpenID Connect SSO Requests are not properly rewritten by the F5.
The Client then connects directly to the SSO URL for OIDC and not through the Portal Access Rewriting.
We created a HAR File on the client and see the following:
*******
Requests to rewriting:
https://portal.f5.com/f5-w-abc123/page1.html
https://portal.f5.com/f5-w-abc123/somejavascript.js
https://portal.f5.com/f5-w-abc123/somepic.jpg
.....
Then the following:
https://api.essentials.backend.com/api/userrequest
And:
https://id.backend.com/realms/essentials/protocol/openid-connect/auth?client_id......
*******
The obfuscated path /f5-w-abc123 results in the URL https://backend.com
So how can we have the other URL also rewritten so that https://api.essentials.backend.com/... is rewritten to https://portal.f5.com/f5-w-xyz123 ?
Thank you for your help
This kind of SSO (federation) inside of Portal Access Rewrite is not supported and doesn't usually work.
APM has a specific feature to do it with SAML:
https://my.f5.com/manage/s/article/K06743491
APM does not have a corresponding feature for OAuth.
Generally we don't recommend using Portal Access Rewrite unless it's necessary. We have a guide that describes how to move from Portal Access to "Web Access Management Mode" aka "LTM+APM" mode. This mode has far better compatibility. It's here:
https://clouddocs.f5.com/portalaccess-alternative/main/
- Lucas_Thompson (Employee)
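The HAR review described in the question can be scripted to list every origin the browser reached outside the portal, which is the set of hosts that has to be accounted for whichever access mode is chosen. This is an added example, not code from the thread or from F5; the sample HAR is constructed from the URLs in the post, and the redirect between the two backend hosts and the `client_id` value are assumptions made for illustration.

```python
import json
import sys
from urllib.parse import urljoin, urlsplit

PORTAL_HOST = "portal.f5.com"   # portal host as written in the post
REWRITE_PREFIX = "/f5-w-"       # prefix of rewritten paths in the post's HAR
OIDC_AUTH = "/protocol/openid-connect/auth"  # auth endpoint path from the post

def find_bypasses(har):
    """Count rewritten requests and list the requests that left the portal."""
    redirected_from, rewritten, bypasses = {}, 0, []
    for entry in har["log"]["entries"]:
        url = entry["request"]["url"]
        parts = urlsplit(url)
        # HAR 1.2 stores the Location target of a redirect in response.redirectURL.
        location = entry.get("response", {}).get("redirectURL")
        if location:
            redirected_from[urljoin(url, location)] = url
        if parts.hostname == PORTAL_HOST:
            rewritten += parts.path.startswith(REWRITE_PREFIX)
            continue
        bypasses.append({
            "origin": f"{parts.scheme}://{parts.netloc}",
            "path": parts.path,
            "oidc_auth": parts.path.endswith(OIDC_AUTH),
            # None means no redirect in the capture led here (e.g. script-built URL).
            "redirected_from": redirected_from.get(url),
        })
    return {"rewritten": rewritten, "bypasses": bypasses}

# Constructed HAR excerpt: URLs follow the post; redirect and client_id are invented.
API_URL = "https://api.essentials.backend.com/api/userrequest"
ID_URL = ("https://id.backend.com/realms/essentials"
          "/protocol/openid-connect/auth?client_id=CONSTRUCTED")
SAMPLE_HAR = {"log": {"entries": [
    {"request": {"url": "https://portal.f5.com/f5-w-abc123/page1.html"},
     "response": {"redirectURL": ""}},
    {"request": {"url": "https://portal.f5.com/f5-w-abc123/somejavascript.js"},
     "response": {"redirectURL": ""}},
    {"request": {"url": API_URL}, "response": {"redirectURL": ID_URL}},
    {"request": {"url": ID_URL}, "response": {"redirectURL": ""}},
]}}

if __name__ == "__main__":
    if len(sys.argv) > 1:  # path to a real HAR export
        with open(sys.argv[1], encoding="utf-8-sig") as fh:
            SAMPLE_HAR = json.load(fh)
    for record in find_bypasses(SAMPLE_HAR)["bypasses"]:
        print(record)
```

A bypass with `redirected_from` set was reached through a `Location` header in the capture; one without it was requested by page script or markup.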