I have this implemented, and its "starting" to work except that I am constantly getting LB_FAILED. I'm hoping someone can point me to some obvious things to check. Below is the relevant bit of the iRule
when HTTP_REQUEST {
log local0.debug "PolicyAgent: HTTP_REQUEST [HTTP::cookie count]"
if {$validate eq 0} {
log local0.debug "PolicyAgent: already validated"
pool pool_dev_supportportal
} elseif {[HTTP::cookie exists $ckname]} {
log local0.debug "PolicyAgent: contains cookie"
if client hasn't already been validated, save the
request so we can replay it to the LB server later;
set LB_request [HTTP::request]
inject lookup URI in place of original request;
HTTP::uri "/opensso/identity/isTokenValid?tokenid=[HTTP::cookie value $ckname]"
log local0.debug "PolicyAgent: URI: [HTTP::uri]"
and send the out-of-band validation query to the OpenSSO_pool.
pool OpenSSO
} else {
log local0.debug "PolicyAgent: redirect to LoginUI"
this request doesnt even have a token to validate, so we need to redirect the the Login UI
HTTP::respond 302 Location "http://server.com:8080/da/UI/Login?goto=[URI::encode "http://[HTTP::host][HTTP::uri]"]"
}
}
when LB_FAILED {
log local0.debug "PolicyAgent: LB failed for [LB::server] [LB::status]"
}
/var/log/ltm:
Nov 11 10:59:46 local/tmm debug tmm[2392]: Rule OpenSSO_Agent : PolicyAgent: HTTP_REQUEST 2
Nov 11 10:59:46 local/tmm debug tmm[2392]: Rule OpenSSO_Agent : PolicyAgent: redirect to LoginUI
Nov 11 10:59:52 local/tmm debug tmm[2392]: Rule OpenSSO_Agent : PolicyAgent: HTTP_REQUEST 3
Nov 11 10:59:52 local/tmm debug tmm[2392]: Rule OpenSSO_Agent : PolicyAgent: contains cookie
Nov 11 10:59:52 local/tmm debug tmm[2392]: Rule OpenSSO_Agent : PolicyAgent: URI: /opensso/identity/isTokenValid?tokenid="AQIC5wM2LY4SfcyJdxjZhvz0JwE+tUTi411T4JVDyeKyuFU=@AAJTSQACMDE="
Nov 11 11:00:05 local/tmm debug tmm[2392]: Rule OpenSSO_Agent : PolicyAgent: LB failed for OpenSSO 172.24.16.45 8080 up
Nov 11 11:00:05 local/tmm debug tmm[2392]: Rule OpenSSO_Agent : PolicyAgent: HTTP_REQUEST 3
Nov 11 11:00:05 local/tmm debug tmm[2392]: Rule OpenSSO_Agent : PolicyAgent: contains cookie
Nov 11 11:00:05 local/tmm debug tmm[2392]: Rule OpenSSO_Agent : PolicyAgent: URI: /opensso/identity/isTokenValid?tokenid="AQIC5wM2LY4SfcyJdxjZhvz0JwE+tUTi411T4JVDyeKyuFU=@AAJTSQACMDE="
Nov 11 11:00:17 local/tmm debug tmm[2392]: Rule OpenSSO_Agent : PolicyAgent: LB failed for OpenSSO 172.24.16.45 8080 up
The bit that is failing is the "pool OpenSSO". Everything in that pool is marked as up, i am able to ping the pool members from the BIG-IP, and the LB::status indicates that everything is up. What else should I be checking to determine why I would receive LB_FAILED?