Carl_Stone_1343
Oct 31, 2008

i-Rule to Authorize users based on presence of cookie

Hi,

I'm deploying ADFS, and have many different iRules for different purposes.

However, I have a new challenge, which I cannot seem to fix...

I have two different urls, with their own VServers, one for customers, and the other for employees. I need a way to distinguish between them, so I can redirect if they follow a link, for example, leading them to the wrong url.

I initially did this with Certs; however, Internet Explorer prompts the user to select a cert, with the prompt box empty, each time they hit the iRule. This is not an iRule problem, but the way IE works.

Therefore I have thought about installing a cookie on each employee's PC, and want the iRule to query the client for the cookie, and redirect accordingly.

With the HTTP::cookie exists command, I find that I can only query the cookies offered by the client. Does anybody know the command, or sample iRule, to get the BIG IP to actually request the cookie from the client... and/or if it's possible?

Thanks, Carl
  • James_Quinby_46
    Historic F5 Account
    It seems as though you could accomplish what you're doing by setting a single cookie for employees. Check for this cookie to allow/validate use of the employee-only URL and bounce everyone else over to the other site. The fourth post down in this thread:

    https://devcentral.f5.com/Default.aspx?tabid=53&forumid=5&postid=6719&view=topic

    ...has an iRule which could be adapted for this fairly easily. Installing the cookie will be a bit of a trick - this is usually done by the application directly. The LTM can insert a cookie into the headers, of course, and then do things based on its presence (or absence). LTM can also manipulate what's already there - rewrite, encrypt, sanitize, etc.
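
A browser sends its stored cookies for the matching domain and path with every request, and HTTP gives the server no way to ask for one, so the check suggested in the reply belongs in HTTP_REQUEST. The iRule below is an added example for the employee virtual server, not code from either poster or from F5; the cookie name, passphrase, customer hostname and the 10.0.0.0/8 enrollment range are all assumptions.

```tcl
when CLIENT_ACCEPTED {
    # Constructed, hypothetical values for this example
    set emp_cookie "emp_marker"
    set emp_secret "CHANGE-ME-long-random-passphrase"
    set cust_host  "customers.example.com"
    # Assumption: clients in this internal range are employees and
    # may be issued the marker cookie by the LTM itself
    set issue_cookie [IP::addr [IP::client_addr] equals 10.0.0.0/8]
}

when HTTP_REQUEST {
    set is_employee 0
    if { [HTTP::cookie exists $emp_cookie] } {
        # Accept the cookie only if it decrypts to the expected marker, so a
        # hand-made cookie that merely has the right name is not enough
        if { [catch { HTTP::cookie decrypt $emp_cookie $emp_secret } val] == 0
             && $val eq "employee" } {
            set is_employee 1
        }
        # Do not pass the marker on to the back-end application
        HTTP::cookie remove $emp_cookie
    }
    if { !$is_employee && !$issue_cookie } {
        # No valid marker: send the client to the customer URL, keeping the path
        HTTP::redirect "https://${cust_host}[HTTP::uri]"
        return
    }
}

when HTTP_RESPONSE {
    # First visit from the internal range: insert the marker, then encrypt it
    if { $issue_cookie && !$is_employee } {
        HTTP::cookie insert name $emp_cookie value "employee" path "/"
        HTTP::cookie encrypt $emp_cookie $emp_secret
        HTTP::cookie secure $emp_cookie enable
    }
}
```

The marker only steers clients between the two URLs; anyone who copies the encrypted value can replay it, so ADFS authentication still has to decide access.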