Forum Discussion
Bob_10976
Nimbostratus
NimbostratusResponse/Redirect iRule for ADFS
We have ADFS deployed in our environment and all appears to be working as expected. However our customer does not want to have the users go to a page where they have to select a "Realm" (domain) to log in from. This can be fixed by having the users use a URL like https://sitename.com/Pages/SiteSplashPage.aspx?whr=urn:federation:RealmName, but obviously that not the pretty name they want to use to promote the new site. I can create iRule that will redirect anyone coming to sitename.com be redirected to the above URL, however that appears to be causing some type of conflict in ADFS, its causing some type of loop and the ADFS server stops the traffic and the user cannot log in.
I need some help with creating a rule for sitename.com that will be based on the response of the initial connection so that when the 302 redirect comes through with a specific URL, such as https://fs.mysite/adfs/ls/ in the header, than I can redirect to the https://sitename.com/Pages/SiteSplashPage.aspx?whr=urn:federation:RealmName URL. I'm not totally convinced that will work but its a place to start.
If any other suggestion or has any experience with ADFS and iRules I'm all ears..
Thanks, Bob
- Check this out:
http://blogs.technet.com/b/speschka/archive/2011/09/14/using-the-whr-parameter-with-sharepoint-2010-and-saml-auth.aspx 
Bob_10976John..Thanks for the link, that will come in handy when we've upgraded to SP 2010, which should be shortly. We did create an iRule though for our 2007 instance that seems to work well.when HTTP_REQUEST { switch "[string tolower [HTTP::host]]" { "domain_name.com" { if {not ([string tolower [HTTP::query]] contains "whr")}{ set newURI [HTTP::uri] if {not ([string tolower [HTTP::uri]] contains "?")}{ append newURI "?whr=urn%3Afederation%3ARealmName" }{ append newURI "&whr=urn%3Afederation%3ARealmName" } HTTP::uri $newURI } } } }
