Forum Discussion
iRule to send traffic to correct pool
I have a requirement to send default HTTPS requests to Kerberos_Pool, but if authentication fails (Kerberos SSO), fall back to Forms_Pool (form-based login). I have tried different methods, including capturing the HTTP header, but it seems that for some reason TMS is not seeing the value and is not able to compare it.
when HTTP_RESPONSE {
    if { [HTTP::header value Authorization] contains "Negotiate YII" } {
        pool Kerberos_Pool
    } else {
        pool Forms_Pool
    }
}
Another method I have tried, but this requires an authentication profile and I am not sure which one to apply (e.g. ssl_cc_ldap, ssl_crldp or ssl_ocsp):
when AUTH_RESULT {
    if {[AUTH::status] == 0} {
        pool Kerberos_Pool
    } else {
        pool Form_Pool
    }
}
Please advise. Thanks.
4 Replies
- navgup_66025
Nimbostratus
I have also tried this:
when AUTH_RESULT {
    if {[AUTH::status] != 0} {
        pool Form_Pool
    } else {
        pool Kerberos_Pool
    }
}
- Kevin_Stewart
Employee
A few things to consider:
1. Are you referring to Kerberos SSO between APM and the server? And also Forms-based SSO between APM and the server? If so, and Kerberos fails, are you prepared to provide a username and password?
2. The AUTH events belong to the old Advanced Client Authentication (ACA) module and do not apply to APM.
3. If using TWO server side SSO profiles, from 1 above, and you do have a username and password to supply to Forms-based SSO, what you'd necessarily need to do is 1) save the request, 2) capture the Kerberos auth failure (401) in the response, 3) select a new SSO profile using the WEBSSO::select method, and then 4) replay the request.
The above isn't the most intuitive thing, so please first elaborate if possible on your requirements.
- navgup_66025
Nimbostratus
No APM in the picture.
I have simple logic:
when HTTP_REQUEST {
    if { [HTTP::header value Authorization] contains "Negotiate YII" } {
        pool Kerberos_Pool
    } else {
        pool Forms_Pool
    }
}
However, since there are many requests and responses in the same session, the browser jumps from the Kerberos pool to the forms pool (back and forth) because the forms pool sometimes returns null. Is there a way to set a global variable in an iRule that keeps a count of the number of requests that went through? For example, how many times an HTTP request where [HTTP::header value Authorization] contains "Negotiate YII" went through?
- Kevin_Stewart
Employee
Reference: https://devcentral.f5.com/community/group/aft/2167601/asg/50
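One way to keep the pool choice stable across requests and count the Kerberos-bearing ones, as an added example that is not part of any reply in this thread. It uses the shared session table instead of a global variable; the client-address key, the `krb_count` subtable name and the 600-second idle timeout are assumptions chosen for illustration.

```tcl
when HTTP_REQUEST {
    # Assumption: the client address is a good enough session key.
    # Behind NAT or a forward proxy, key on a session cookie instead,
    # otherwise unrelated users share one decision.
    set key [IP::client_addr]

    if { [HTTP::header value Authorization] starts_with "Negotiate YII" } {
        # Count requests that carried a Kerberos token for this client.
        # The table is shared across connections, unlike local iRule
        # variables, which only live for one connection.
        set seen [table incr -subtable krb_count $key]

        # Idle timeout in seconds (constructed value, tune to the app).
        table timeout -subtable krb_count $key 600

        if { $seen == 1 } {
            log local0. "client $key pinned to Kerberos_Pool"
        }
    }

    # Sticky decision: once a token has been seen from this client,
    # later requests without the header stay on Kerberos_Pool rather
    # than bouncing back to Forms_Pool.
    if { [table lookup -subtable krb_count $key] ne "" } {
        pool Kerberos_Pool
    } else {
        pool Forms_Pool
    }
}
```

The header match only steers traffic and proves nothing about the client, so the Kerberos_Pool members must still validate the ticket themselves.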