Forum Discussion

SteveVernau_132's avatar
SteveVernau_132
Icon for Nimbostratus rankNimbostratus
Aug 23, 2013

https redirect irule

We have an ADFS server that we can use to SSO into a third party application.   To hit the third party applciation we need to hit: https://adfs.mydomain.com.au/adfs/ls/IdpInitiatedsignOn.aspx?logi...
application delivery
devops
iRules
Hamish's avatar
Hamish
Icon for Cirrocumulus rankCirrocumulus
Aug 23, 2013

First, you WILL need to offload the SSL to the BigIP before you can do this. That doens't mean you have to drop the SSL on the poolmembers, you can always re-encrypt. But without the offload, the BigIP can't see the content (And thus the URI) to do the redirect.

 

The code

 

when HTTP_REQUEST {
 if { [string tolower [HTTP::uri]] starts_with "/ppm" } { 
   HTTP::uri [string map -nocase {"/ppm" "/adfs/ls/IdpInitiatedsignOn.aspx?loginToRp=https://ppm.3rdparty.com "} [HTTP::uri]] }
   }
}

Looks fine at first glance (Logically I dont' see an issue. I haven't verified any syntax or lexically 🙂

 

Apart from the tolower bit of course... URI's are case sensitive by RFC... They're only case insensitive on windows really... So you're defeating the HTTP spec that says /PPM is a DIFFERENT URI from /ppm. (That's possibly being a bit pedantic of me. But it's how the standards are written. And I love standards).

 

H