Forum Discussion
David_T_254046
Mar 21, 2016 Nimbostratus
F5 APM Single IdP for Multiple SP's (Redirect External VIP to Internal VS's)
Hey there F5 community,
I've been trying to wrap my head around this one to see if it is possible, and may be looking at this under the wrong light...
We are trying to setup an environment such a...
Yann_Desmarest_
Mar 21, 2016 Nacreous
Hello,
I suggest defining your IDP as an internal VS as well. Then you configure a public VS targeting all the others (SP and IDP) using your iRule:
when HTTP_REQUEST {
    # -glob is needed for the trailing * to act as a wildcard;
    # without it, switch compares the pattern literally.
    switch -glob -- [string tolower [HTTP::host]] {
        "app1.domain.com*" { virtual app1.corp.domain.com }
        "app2.domain.com*" { virtual app2.corp.domain.com }
        "idp.domain.com*" { virtual idp.corp.domain.com }
        # Any other Host value is dropped.
        default { reject }
    }
}
I suggest adding a wildcard at the end of the hostname because sometimes you will have requests targeting "app1.domain.com:443", for example.
You should also define a default behavior.
- David_T_254046 Mar 21, 2016 Nimbostratus
Hi Yann, thanks for the reply. I tried this but no luck thus far. I tried both destinations and it seems to break at the iRule level. Once I removed the iRule, I was able to hit the IDP destination from both links, but it solely uses the IDP Access Profile (as expected with external DNS pointed to the same IP). With the iRule in place, I can't even get to the general IDP webtop and resources. I think I'm missing something on the iRule at this point when trying to re-route to the internal VS. I'll keep throwing darts at it until I can get something to stick.
- Manuel_Cristob3 Jul 14, 2017 Nimbostratus
Hi David, were you able to find an answer (that you can share) for your issue? Much appreciated.
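The effect of the matching mode on the `switch` in the iRule reply above, as an added example that is not part of the original thread: plain Tcl for tclsh rather than an iRule, using the hostnames from the post and constructed Host values. The proc names are hypothetical.

```tcl
# Added example: plain Tcl for tclsh, not an iRule. Each proc mirrors the
# switch from the reply with a different matching mode and returns the
# internal virtual server name, or "reject".

# No option given: switch compares exactly, so the trailing * is a literal.
proc route_default {host} {
    switch -- [string tolower $host] {
        "app1.domain.com*" { return app1.corp.domain.com }
        "app2.domain.com*" { return app2.corp.domain.com }
        "idp.domain.com*"  { return idp.corp.domain.com }
        default            { return reject }
    }
}

# -glob: the trailing * matches ":443", and any other suffix as well.
proc route_glob {host} {
    switch -glob -- [string tolower $host] {
        "app1.domain.com*" { return app1.corp.domain.com }
        "app2.domain.com*" { return app2.corp.domain.com }
        "idp.domain.com*"  { return idp.corp.domain.com }
        default            { return reject }
    }
}

# Drop the port first, then compare exactly against the known names.
proc route_exact {host} {
    set name [string tolower [lindex [split $host ":"] 0]]
    switch -exact -- $name {
        "app1.domain.com" { return app1.corp.domain.com }
        "app2.domain.com" { return app2.corp.domain.com }
        "idp.domain.com"  { return idp.corp.domain.com }
        default           { return reject }
    }
}

# Constructed Host header values, not taken from the thread.
foreach host {app1.domain.com APP1.domain.com:443 idp.domain.com:443
              app1.domain.com.other.example unknown.domain.com} {
    puts [format "%-30s default=%-21s glob=%-21s exact=%s" $host \
        [route_default $host] [route_glob $host] [route_exact $host]]
}
```

In an iRule, the same port stripping would be applied to `[HTTP::host]` before the `switch`, so that only the three expected names reach an internal virtual server.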