Forum Discussion

Rosieodonell's avatar
Rosieodonell
Icon for Cirrus rankCirrus
Feb 11, 2020

Help with Access policy and embedded links asking for login again

Hey Everyone,

I have virtual server that has a log in page (webpage A) that request AD authentication and 2 factor for a user. It opens up to a SharePoint site and on one of the SharePoint pages it has a "URL" that points to another location (webpage B) on another pool. I have an irule that looks like this for the virtual server:

when HTTP_REQUEST {
 if {[info exists accessbypass] && ($accessbypass equals "1") && [string tolower [HTTP::host]] starts_with "webpageB"} {
   ACCESS::disable
   pool webpageB_80_pool
 } elseif {[string tolower [HTTP::host]] starts_with "webpageB"}{
   ACCESS::enable
   pool webpageB_80_pool
   set accessbypass 1
 } else {
   ACCESS::enable
   set accessbypass 1
 }
}

So basically when a user logs into webpageA they get the prompt and sign in fine. they then click on the link on webpageA to webpageB and get prompted for a sign in again. I want it to not prompt the user for a log-in if they have already signed into webpageA and get redirected to webpageB. However if they go directly to webpageB i want to have them sign in. This traffic is all on the same virtual server. I have tried setting the "profile scope" to virtual server and global but that didn't help.

Hopefully someone has a suggestion to help me?

application delivery
BIG-IP Access Policy Manager (APM)
iRules
  • Rosieodonell's avatar
    Rosieodonell
    Feb 12, 2020

    Hey Everyone,

     

    i did a different work around to make this work. I used a rewrite profile and a irule to fix my issue. The rewrite profile allowed me to rewrite the traffic if the users had a link that started with the following:

     

    https://webpageA.company.com/loginportal/

     

    and changed the traffic to:

     

    http://webpageB.company.com/

     

    on the back end. It would then leave all the remaining webpageA traffic alone. Same with the irule:

     

    when HTTP_REQUEST {

      switch -glob -- [string tolower [HTTP::uri]] {

        "/loginportal" -

        "/loginportal/*" {

          pool webpageB_80_pool

        }

        "*CONTAINS*" {}

        "STARTSWITH*" {}

        "*ENDSWITH" {}       

      }

    }

     

    All the normal webpageA traffic worked fine but the traffic with the URL link "loginportal/" went to the new pool correctly. Just wanted to share what i did to fix it and not leave a question up in devcentral.

  • Rosieodonell's avatar
    Rosieodonell
    Icon for Cirrus rankCirrus
    Feb 12, 2020

    Hey Everyone,

     

    i did a different work around to make this work. I used a rewrite profile and a irule to fix my issue. The rewrite profile allowed me to rewrite the traffic if the users had a link that started with the following:

     

    https://webpageA.company.com/loginportal/

     

    and changed the traffic to:

     

    http://webpageB.company.com/

     

    on the back end. It would then leave all the remaining webpageA traffic alone. Same with the irule:

     

    when HTTP_REQUEST {

      switch -glob -- [string tolower [HTTP::uri]] {

        "/loginportal" -

        "/loginportal/*" {

          pool webpageB_80_pool

        }

        "*CONTAINS*" {}

        "STARTSWITH*" {}

        "*ENDSWITH" {}       

      }

    }

     

    All the normal webpageA traffic worked fine but the traffic with the URL link "loginportal/" went to the new pool correctly. Just wanted to share what i did to fix it and not leave a question up in devcentral.