Assign APM webtop without redirecting to it

Cirrostratus

Oct 15, 2015

I have done this with the following iRule:

when ACCESS_POLICY_COMPLETED {
    set sid [ACCESS::session data get "session.user.sessionid"]

    switch [ACCESS::session data get "session.policy.result"] {
        "allow" {
            switch -glob [ACCESS::session data get "session.server.landinguri"] {
                "/saml/idp/profile/redirectorpost/sso" {
                     If the logon is being driven by a SAML request then don't interfere with the default redirect logic
                }
                "/webtop" {
                     If the user has requested the webtop explicitly then don't interfere
                }
                default {
                     Instead of going directly to the WebTop send the user to their original URL.
                     They can get back to the WebTop by going to /webtop via the redirect handled in ACCESS_ACL_ALLOWED
                    if { [ACCESS::session data get session.assigned.webtop] starts_with "/Common/" } {
                        if { [string length [ACCESS::session data get session.server.landinguri_base64]] != 0 } {
                             session.server.landinguri_base64 is for release 11.5.1
                             Handle Multi-Domain Authentication Landing URI
                            ACCESS::respond 302 Location "[ACCESS::session data get session.server.network.protocol]://[ACCESS::session data get session.server.network.name][ACCESS::session data get session.server.landinguri_base64]"
                        } elseif { [string length [ACCESS::session data get session.server.multidomain_host]] != 0 } {
                             session.server.multidomain_host is for release 11.6.0
                             Handle Multi-Domain Authentication Landing URI
                            ACCESS::respond 302 Location "[ACCESS::session data get session.server.network.protocol]://[ACCESS::session data get session.server.network.name]/F5Networks-SSO-Req?SSO_ORIG_URI=[b64encode [string range [ACCESS::session data get session.server.landinguri] 33 end]]"
                        } else {
                             The Request originated on the Primary Auth URL / Single Domain Auth
                            ACCESS::respond 302 Location "[ACCESS::session data get session.server.network.protocol]://[ACCESS::session data get session.server.network.name][ACCESS::session data get session.server.landinguri]"
                        }
                    }
                }
            }
        }
    }
}

when ACCESS_ACL_ALLOWED {
    switch -glob [HTTP::uri] {
        "/webtop" {
             Allow the user to get back to the webtop if they navigate to a backend server
            ACCESS::respond 302 Location "https://[HTTP::host]/vdesk/webtop.eui?webtop=[ACCESS::session data get session.assigned.webtop]&webtop_type=webtop_full"
        }
    }
}

Forum Discussion

Assign APM webtop without redirecting to it

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

F5 Software Downgrade from version 17.x.x to 15.x.x

Error diskmonitor

CPU utilization of F5OS on r2600

sslprovide (--f5 ssl) does not generate CLIENT/SERVER_TRAFFIC_SECRET on server-side TLS traffic

Hardware replacement i2800 to r2600

Related Content

APM variable assign examples

F5 HTTPS Redirect 2025

Mitigating OWASP API Security Risk: Mass Assignment using F5 BIG-IP

Mitigating OWASP API Security Risk: Mass Assignment using F5 XC Platform

Creating, Importing and Assigning a CA Certificate Bundle

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS