Forum Discussion
NimbostratusOriginal URI is lost when user logs in after failed login attempt
I was hoping I could get some help with the APM... Here's an example of what issue I'm trying to solve:
Billy navigates to www.abc.com/admin, which requires permission to access. The APM fires up and sends Billy to the login page. Billy accidentally mistypes his username or password and is presented with an access denied page. Billy clicks the link to open a new session and enters username and password correctly. However, Billy is now sitting at www.abc.com instead of the desired URL of www.abc.com/admin.
When Billy does not mistype credentials the first time, he is taken to his desired URL without fail.
What do I need to do either in the Access Policy or in an iRule to retain this URL? Right now, I am storing it in a session variable, which obviously does not exist between sessions. This seems like a fairly common scenario that all you experts have tackled... hopefully some insight can come my way. :)
Thanks!
6 Replies
kunjanHave you tried the "Redirect" option (Edit Endings) in VPE, provided this is static URL?
http://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-config-11-4-0/apm_config_understanding.html - Understanding the redirect ending
JP_135500I was looking into that, but this is not a static URL. Can I tap into a session variable with this Redirect ending?
kunjan_118660Cumulonimbus
Have you tried the "Redirect" option (Edit Endings) in VPE, provided this is static URL?
http://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-config-11-4-0/apm_config_understanding.html - Understanding the redirect ending
- JP_135500I was looking into that, but this is not a static URL. Can I tap into a session variable with this Redirect ending?
- kunjan
Yes, provided the session variables is populated during the current session.
Zeeshan_Ahmad_1There is a very simple solution for this, let us take an example you are doing AD authentication, Edit the policy and go to the AD Auth event and change the value of Max Logon Attempts Allowed to 3 then in case Billy opens a www.abc.com/admin and gets a logon page and gives credentials. in case he puts a wrong credentials then he will get a message user name and password is wrong and will stay on the login page and then if he will give the correct User name and password then APM will get him to the correct www.abc.com/admin page. With this approach he will stay on the login page till three tries.
There is an other way as well where you can redirect to a dummy url and on this redirect ending uncheck the session close on redirection and create a separate branch on that dummy uri and have the similar events like the main one.
