Forum Discussion
fwebb_116789
Nimbostratus
NimbostratusAPM SSO for VMware vCenter and vCloud Director
I currently have an HA pair of F5s running LTM, AFM + APM in front of a vCloud Director 5.5 deployment. I currently have users authenticate to APM and are provided a webtop based on AD Group Resourc...
kunjan_118660
Cumulonimbus
CumulonimbusIs there a j_thumbprint variable too for vCentre? Seems this varies with the installation.
I tried the following iRule which seems to be working, but may not be complete. Modify according to your setup. vCloud Director might be similar, but I don't have one to check.
when HTTP_REQUEST {
set ssoKey 0
if { [HTTP::uri] ends_with "ui.jsp" } {
if { [ACCESS::session data get "session.custom.sso"] equals "" }{
HTTP::header remove "Accept-Encoding"
STREAM::disable
set ssoKey 1
}
}
if { [HTTP::uri] ends_with "j_spring_security_check" } {
set ssoKey 1
}
}
when HTTP_RESPONSE {
if { $ssoKey equals 1 } {
if { [HTTP::payload] contains "url:/vsphere-client/ui.jsp" } {
ACCESS::session data set session.custom.sso 1
HTTP::redirect "ui.jspextensionId=vsphere.core.folder.summaryView"
return
}
set j_username [ACCESS::session data get "session.logon.last.username"]
set j_password [ACCESS::session data get "session.logon.last.password"]
set j_serviceUrl {vc5.local}
set j_thumbprint {00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00}
set vForm "
"
STREAM::expression "@@$vForm@"
STREAM::enable
}
}
fwebb_116789Nimbostratus
NimbostratusFirst of all, thank you. This really helps.
I am working with this iRule. When I attempt to apply it to the virtual server, I get an error stating that a STREAM profile must be applied. Is it okay just to apply the parent stream profile, or are there any considerations that I need to take into consideration?
