Forum Discussion
How to use an irule to append URI path in the post logon redirect parameter
I am using an iRule to redirect the APM user to the Azure logout page to get him logged out of Azure AD first and then have him come back to the APM. Azure gave us the logout URI that can be used to redirect the user to Azure logout, which also has this post_logout_redirect_uri parameter that can be used to redirect the user back to the F5 on a specific URI. The iRule I am using is this:
when HTTP_REQUEST {
    if { [HTTP::uri] contains "/logout-apm" } {
        HTTP::redirect "https://login.microsoftonline.com/common/oauth2/v2.0/logout?post_logout_redirect_uri=https://xxx-xxxxxxx.com/includes/logged_out.aspx"
    }
}
Can I use HTTP::HOST and HTTP::URI parameters inside the post_logout_redirect_uri parameter here to have Azure redirect back to the APM hosted instance as the initial request was, instead of specifying the exact FQDN and URI specifically?
We are trying to use the same iRule to be applied to any VIP that needs it instead of creating more entries under the iRule for each specific application logout URI path and setting new and different conditions for each of those triggers. We could have a lot of those application logout URI paths and also other VIPs which may need a similar solution using more iRules.
Also, if the application is able to set the user to come in with a specific trigger path for logout that includes the post_logout_redirect_uri, can I just refer the iRule to look for the same and only append the same detail to the Azure logout URI as well?
- Andrew-F5
Employee
Can I use HTTP::HOST and HTTP::URI parameters inside the post_logout_redirect_uri parameter here to have azure redirect back to the APM hosted instance as the initial request was instead of specifying the exact FQDN and URI specifically?
A: Yes. You can reference the following document for more details, https://clouddocs.f5.com/api/irules/HTTP__host.html.
- sricharan61
Cirrus
Hi Andrew
Let me correct the requirement and put the request in more detail.
The client is going to come in with a logout request that looks like this:
https://www-xxxxxxx.com/logout-apm?post_logout_redirect_uri=/includes/logged_out.aspx
His request would itself include the post_logout_redirect_uri in it. BUT, he would not come in with the host name defined in the post_logout_redirect_uri, only the URI part.
We need the F5 to pick up the www-xxxxxxx.com and the URI included in that post_logout_redirect_uri, /includes/logged_out.aspx, and put them in the Azure logout redirect URL:
https://login.microsoftonline.com/common/oauth2/v2.0/logout?post_logout_redirect_uri=https://www-xxxxxxx.com/includes/logged_out.aspx
So we are basically defining the post_logout_redirect_uri for the Azure logout page by inserting the hostname from the initial request and the URI path mentioned in the initial post_logout_redirect_uri from the client.
If I use something like
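when HTTP_REQUEST {
    if { [HTTP::uri] contains "logout-apm" } {
        # getfield drops any ":port" suffix from the Host header.
        # HTTP::uri is the full request URI (path and query string) and already starts with "/".
        HTTP::redirect "https://login.microsoftonline.com/common/oauth2/v2.0/logout?post_logout_redirect_uri=https://[getfield [HTTP::host] ":" 1][HTTP::uri]"
    }
}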
I am not sure if I can use this in the first place, but even if this works, the URI path would include the whole path
logout-apm?post_logout_redirect_uri=/includes/logged_out.aspx again.
I am looking to set a redirect to something, and also modify specific segments of its URI path, like this post_logout_redirect_uri. I want to modify it in a way that I fill out the post_logout section's details from the initial call's post-logout section, but add the hostname to it, grabbing the hostname from the initial HTTP::REQUEST.
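One way to build the redirect described in the post above, as an added example that is not from the thread or from F5. Because both the Host header and the query parameter are client-controlled, the sketch validates them before reflecting them, so the VIP does not become an open redirector; the data group name `logout_return_hosts`, the exact match on `/logout-apm`, the 400 response and the fallback path are assumptions.

```tcl
# Added example (not from the thread). Expected request shape, per the post above:
#   https://<vip-host>/logout-apm?post_logout_redirect_uri=/includes/logged_out.aspx
when HTTP_REQUEST {
    # Exact path match (assumption); the thread's rules use "contains".
    if { [HTTP::path] eq "/logout-apm" } {
        # The Host header is client-supplied: drop any ":port", lowercase it,
        # then require it to be listed in a string data group.
        # "logout_return_hosts" is a hypothetical data group name.
        set host [string tolower [getfield [HTTP::host] ":" 1]]
        if { ![class match $host equals logout_return_hosts] } {
            HTTP::respond 400 content "Bad logout request"
            return
        }

        # Read only the named query parameter and percent-decode it.
        set target [URI::decode [URI::query [HTTP::uri] post_logout_redirect_uri]]

        # Accept a local absolute path only: it must start with "/" and must not
        # contain "//", a backslash or a control character (CR/LF included).
        # Anything else falls back to a fixed page (path taken from the first post).
        if { $target eq ""
             || ![string match "/*" $target]
             || [string match "*//*" $target]
             || [string first "\\" $target] != -1
             || [regexp {[[:cntrl:]]} $target] } {
            set target "/includes/logged_out.aspx"
        }

        # Re-encode so the whole return URL travels as a single query value.
        set return_url [URI::encode "https://${host}${target}"]
        HTTP::redirect "https://login.microsoftonline.com/common/oauth2/v2.0/logout?post_logout_redirect_uri=${return_url}"
    }
}
```

The same rule can be attached to several virtual servers, with each VIP's hostname added to the data group instead of a new branch in the iRule.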