Forum Discussion
Kevin_Davies_40
Jun 17, 2014
Nacreous
This is how far I have progressed. It is a work in progress, any hints or tips appreciated...
The Virtual is called vs_faketop and has the iRule below applied. The order of execution is
1st Pass
- BIGIP Edge Client VPN connection follows second branch
- iRule saves credentials into table.
- Network access launches browser session back to the APM with /preauth?key=232343
2nd Pass
- Browser connection with /preauth?key=23431134
- Follows first branch
- iRule retrieves login information for session
- Opens webtop with supplied credentials.
This is the logging output from ltm/apm.
Think of it as VPN launching a Webtop as its final action. The SSO is done using tables. I tried to comprehend the APM documentation on layered virtuals providing single sign on but didn't get anywhere. If there is another way to do this I am all ears.
    when HTTP_REQUEST {
        log local0. "...in HTTP_REQUEST"
        # HTTP::path excludes the query string, so /preauth?key=... matches here
        if {[HTTP::path] eq "/preauth"} {
            # retrieve credentials from table storage
            set key [URI::query [HTTP::uri] key]
            set username [table lookup $key:user]
            set password [table lookup $key:pass]
            log local0. "Retrieved credentials"
        }
    }
    when ACCESS_SESSION_STARTED {
        log local0. "...in ACCESS_SESSION_STARTED"
        # inject credentials into session
        if {[info exists username]} {
            ACCESS::session data set session.logon.last.username $username
            ACCESS::session data set session.logon.last.password $password
            log local0. "Assigned credentials"
        }
    }
    when ACCESS_POLICY_AGENT_EVENT {
        log local0. "...in ACCESS_POLICY_AGENT_EVENT"
        # get current credentials
        set user [ACCESS::session data get session.logon.last.username]
        set pass [ACCESS::session data get session.logon.last.password]
        # store them in a table
        set key [crc32 "$user:$pass"]
        table set $key:user $user
        table set $key:pass $pass
        log local0. "Saved credentials user=$user pass=$pass key=$key"
        # define custom parameter used in Launch Applications under Network Access
        ACCESS::session data set session.myapp "https://192.168.86.11/preauth?key=$key"
        unset user pass key
    }
The problem at the moment is the app won't launch after the VPN connects. Also "pass" appears to come up empty.
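
A hardened variant of the table handoff described in this post, added here as an example and not the poster's code: the key is random rather than derived from the credentials, each entry is single use with a short lifetime, and the password is never logged. The subtable name `preauth`, the 30-second lifetime, and a TMOS version whose `ACCESS::session data` commands accept `-secure` are assumptions.

```tcl
# Added example, not the poster's iRule.
# Assumptions: subtable name "preauth", 30 s lifetime, -secure supported.
when HTTP_REQUEST {
    if { [HTTP::path] eq "/preauth" } {
        set key [URI::query [HTTP::uri] key]
        if { $key ne "" } {
            # Single use: read the stored pair, then delete it at once so a
            # replayed or leaked URL cannot fetch the credentials again.
            set creds [table lookup -subtable preauth $key]
            table delete -subtable preauth $key
            if { $creds ne "" } {
                set username [lindex $creds 0]
                set password [lindex $creds 1]
            }
        }
        unset key
    }
}
when ACCESS_SESSION_STARTED {
    if { [info exists username] } {
        ACCESS::session data set session.logon.last.username $username
        # The logon password is handled as a secure session variable.
        ACCESS::session data set -secure session.logon.last.password $password
        unset username password
    }
}
when ACCESS_POLICY_AGENT_EVENT {
    set user [ACCESS::session data get session.logon.last.username]
    set pass [ACCESS::session data get -secure session.logon.last.password]
    # Random 256-bit key, hex encoded; it reveals nothing about the
    # credentials and does not repeat between logons.
    binary scan [sha256 [AES::key 256]] H* key
    # Idle timeout and lifetime are both 30 seconds, so an unused entry
    # expires shortly after the VPN connects.
    table set -subtable preauth $key [list $user $pass] 30 30
    ACCESS::session data set session.myapp "https://192.168.86.11/preauth?key=$key"
    # Record the event without the password or the key.
    log local0. "Stored one-time preauth entry for user=$user"
    unset user pass key
}
```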