alex100_194614
Nimbostratus
Mar 03, 2016
Problem with stream iRule and SAML idp redirect
Running into the following issue here. We have a SharePoint site with web servers listening on some high port and using internal hostname. On the SharePoint virtual server I am applying the following iRule t...
- Mar 03, 2016
Hi Alex,
For the VIP targeting VIP solution to get around APM-Stream Profile conflicts, below is a basic view of what the config would look like:
ltm virtual vs_external {
    destination 1.1.1.1:443
    ip-protocol tcp
    mask 255.255.255.255
    profiles {
        clientssl_profile {
            context clientside
        }
        stream_profile { }
        http { }
        tcp { }
    }
    rules {
        forward_internal_virtual
        saml_stream_expression
    }
}
ltm virtual vs_internal {
    destination 2.2.2.2:80
    enabled
    ip-protocol tcp
    mask 255.255.255.255
    profiles {
        example_accesspolicy { }
        http { }
        rba { }
        tcp { }
        websso { }
    }
}
ltm rule forward_internal_virtual {
    when HTTP_REQUEST {
        virtual vs_internal
    }
}
AP
Nimbostratus
Mar 03, 2016
Hi Alex,
So, does this same Virtual Server that you have applied the above iRule to also have an APM Policy with an SP Resource (SAML Auth)?
A few points in the meantime, although I can't say that they will solve your issue. The 404 error sounds like you're requesting an invalid resource/uri. Have you performed any captures?
I notice you're using HTTP_REQUEST_RELEASE. I think you also need to use HTTP_RESPONSE_RELEASE with APM instead of HTTP_RESPONSE.
I've had varying results when using Stream Profiles on Virtual Servers with APM as a SAML IDP or SP. Have you noticed any errors in the logs? In those cases I had to create an external VS with the Stream Profile and target another VS with the APM Policy.
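The config above attaches a rule named saml_stream_expression to vs_external but its body is not shown in the thread. The following is an added sketch of what such a rule could look like, not code posted by either participant. The internal origin http://sp-internal.example.local:8080 and the public origin https://portal.example.com are constructed placeholders.

```tcl
# Added example (hypothetical body for saml_stream_expression).
# Attach to vs_external only: it carries the stream profile and no APM policy,
# so the plain HTTP_RESPONSE event is used here.
when HTTP_REQUEST {
    # Do not run the stream filter against request payloads.
    STREAM::disable
    # Ask for uncompressed responses; the stream filter cannot match
    # strings inside gzip-encoded bodies.
    HTTP::header remove "Accept-Encoding"
    # Forwarding to vs_internal is done by forward_internal_virtual.
}
when HTTP_RESPONSE {
    # Start from a known state for every response.
    STREAM::disable

    # Rewrite only Location values that point at the internal origin.
    # Any other redirect target (for example a SAML IdP URL issued by the
    # access policy on vs_internal) passes through unchanged.
    if { [HTTP::header exists "Location"] } {
        set loc [HTTP::header value "Location"]
        set new [string map [list \
            "http://sp-internal.example.local:8080" \
            "https://portal.example.com"] $loc]
        if { $new ne $loc } {
            HTTP::header replace "Location" $new
        }
    }

    # Rewrite absolute links in text bodies only; leave binaries alone.
    if { [HTTP::header value "Content-Type"] starts_with "text/" } {
        STREAM::expression {@http://sp-internal.example.local:8080@https://portal.example.com@}
        STREAM::enable
    }
}
```

Keeping the search string as the full internal origin, rather than just the hostname, limits the rewrite to links the backend generated and avoids touching SAML request or response parameters that happen to contain similar text.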
