Forum Discussion
F5 APM with specific not all SAML SP initiated connection issue, cause iRule execution fail, TCP reset with F5 Version 12.1.2 HF1
Hi Daniel, Thanks for looking into this. Below is the iRule applied.
    when RULE_INIT {
        # Change to "1" to enable debugging log statements, 0 to disable
        set static::debug_IDP 1
    }

    # HTTP Request used to provide IdP Initiated SAML for users that have logged in
    when HTTP_REQUEST priority 30 {
        log local0. "HTTP Path= [HTTP::path]"
        log local0. "Access policy result= [ACCESS::policy result]"
        if {"[ACCESS::policy result]" eq "allow"} {
            switch -glob [string tolower [HTTP::path]] {
                "/staples*" {
                    if { $static::debug_IDP } { log local0. "HTTP_REQUEST: Setting SAML start uri to staples" }
                    HTTP::respond 302 Location "/saml/idp/res?id=/Common/Staples_IDP"
                    return
                }
                "/concur*" {
                    if { $static::debug_IDP } { log local0. "HTTP_REQUEST: Setting SAML start uri to concur" }
                    HTTP::respond 302 Location "/saml/idp/res?id=/Common/Concur_IDP"
                    return
                }
                "/healthfitness*" {
                    if { $static::debug_IDP } { log local0. "HTTP_REQUEST: Setting SAML start uri to healthfitness" }
                    HTTP::respond 302 Location "/saml/idp/res?id=/Common/HealthFitness_IDP"
                    return
                }
            }
        }
    }

    # ACCESS Policy Response used to provide IdP Initiated SAML for users that have not logged in yet
    when ACCESS_POLICY_COMPLETED priority 30 {
        switch -glob [string tolower [ACCESS::session data get session.server.landinguri]] {
            "/staples*" {
                if { $static::debug_IDP } { log local0. "ACCESS_POLICY_COMPLETED: Setting SAML start uri to staples" }
                ACCESS::respond 302 Location "/saml/idp/res?id=/Common/Staples_IDP"
                return
            }
            "/concur*" {
                if { $static::debug_IDP } { log local0. "ACCESS_POLICY_COMPLETED: Setting SAML start uri to concur" }
                ACCESS::respond 302 Location "/saml/idp/res?id=/Common/Concur_IDP"
                return
            }
            "/healthfitness*" {
                if { $static::debug_IDP } { log local0. "ACCESS_POLICY_COMPLETED: Setting SAML start uri to healthfitness" }
                ACCESS::respond 302 Location "/saml/idp/res?id=/Common/HealthFitness_IDP"
                return
            }
        }
    }
