For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

mike_drennen_16's avatar
mike_drennen_16
Icon for Cirrus rankCirrus
Aug 24, 2015

Redirect to external website through APM based on AD group membership.

I have an issue where I am need to direct users to a separate login page if they are members are a particular AD group. We are wanting to test SAML SSO in Prod for a particular cloud application we ...
BIG-IP Access Policy Manager (APM)
design
security
mike_drennen_16's avatar
mike_drennen_16
Icon for Cirrus rankCirrus
Aug 25, 2015

I was able to find a solution to this using an iRule.

when ACCESS_POLICY_COMPLETED { 
                    set workfront_redirect ""
                            set memberOfList [split [ACCESS::session data get session.ad.last.attr.memberOf] "|"]

                            foreach x $memberOfList {
     if { [class match [string trim $x] equals workfront_datagroup]} {
        set workfront_redirect "true"
                                            }                                              
                            }

            if { $workfront_redirect eq "" } {
                            ACCESS::respond 302 noserver Location "https://mrc.cr1.attasksandbox.com/login"
            } 
     }

I was unable to call HTTP::redirect from within ACCESS_POLICY_COMPLETED, that's why I had to use the workaround with a 302 response.