Forum Discussion
alex100_194614
Mar 03, 2016Nimbostratus
Problem with stream iRule and SAML idp redirect
Running into following issue here. We have a sharepoint site with web servers listening on some high port and using internal hostname. On the SharePoint virtual server I am applying fallowing iRule t...
- Mar 03, 2016
Hi Alex,
For for the VIP targeting VIP solution to get around APM-Stream Profile conflicts, below is a basic view of what the config would look like:
ltm virtual vs_external { destination 1.1.1.1:443 ip-protocol tcp mask 255.255.255.255 profiles { clientssl_profile { context clientside } stream_profile { } http { } tcp { } } rules { forward_internal_virtual saml_stream_expression } } ltm virtual vs_internal { destination 2.2.2.2:80 enabled ip-protocol tcp mask 255.255.255.255 profiles { example_accesspolicy { } http { } rba { } tcp { } websso { } } } ltm rule forward_internal_virtual { when HTTP_REQUEST { virtual vs_internal } }
Andrew_4752
Mar 03, 2016Altostratus
Hi Alex,
For for the VIP targeting VIP solution to get around APM-Stream Profile conflicts, below is a basic view of what the config would look like:
ltm virtual vs_external {
destination 1.1.1.1:443
ip-protocol tcp
mask 255.255.255.255
profiles {
clientssl_profile {
context clientside
}
stream_profile { }
http { }
tcp { }
}
rules {
forward_internal_virtual
saml_stream_expression
}
}
ltm virtual vs_internal {
destination 2.2.2.2:80
enabled
ip-protocol tcp
mask 255.255.255.255
profiles {
example_accesspolicy { }
http { }
rba { }
tcp { }
websso { }
}
}
ltm rule forward_internal_virtual {
when HTTP_REQUEST {
virtual vs_internal
}
}
- Andrew_4752Mar 07, 2016AltostratusHi Alex, Any luck?
- alex100_194614Mar 09, 2016NimbostratusAndrew, Thanks for the advice. I was able to work around with layered virtual server. It seems like an old bug known for ages. Everything worked out at the end.
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects