Forum Discussion

eddyk99
May 03, 2024

rewrite Azure AD response for portal access via web portal

Hi All,

I have a web portal where access to it is done via SAML authentication with AzureAD.

I have a portal access called VIP_Maintenance configured on this web portal; the app VIP_Maintenance is a web site on this web server (mywebserver.xyz.com), which is also configured for SAML authentication. This web server hosts multiple web sites, so the one for VIP_Maintenance is (mywebserver.xyz.intra/azure). The other resource is /signin-wsfederation, which is where I should land after the successful authentication with Microsoft.

So when I try to access the web portal using my user name and password, F5 sends the request to AzureAD and I receive a code on my cell phone, which I enter, and access is granted.

Now when I click on the portal access icon (VIP_maintenance), the web portal rewrites the request to this:

https://web-portal-azuread.viarail.ca/f5-w-68747470733a2f2f7669706d6e74632e746573742e696e747261$$/azure

then I see my browser communicating with Microsoftonline for authentication and I see the reply from AzureAD like this:

https://login.microsoftonline.com/007eae9f-b0c2-4137-a710-16d67a6568a1/wsfed?wtrealm=https%3A%2F%2Fvipmntc.test.intra%2F&wctx=WsFedOwinState%3DaQm7wom_iiDcspTp4F75-SNiAH6ulYFzgGdxezLukSK9-twIS0gTcgMY7dprTnf7OmROGo1XmkiLAbaVs4L8ISgubrF5FaUtbeIdn7ywnn0JvUYlwclAR1V3GwiWN9VkfNE5hThiW2bzM1tV1arZ6IahGZgjBiVVLSCn2BzTdFdu73Ck709An2sk1IVDfV-26FbvGHbUJyYjK-fnc5iiCw&wa=wsignin1.0&wreply=https%3A%2F%2Fvipmntc.test.intra%2Fsignin-wsfederation

Right after, the URL changes to this: https://mywebserver.xyz.intra/signin-wsfederation, and I get an error that this page cannot be reached, which is understood, as mywebserver.xyz.intra is not exposed to the internet.

Now, what I need to do is to make F5 rewrite the response from Microsoft into this URL:

https://web-portal-azuread.viarail.ca/f5-w-68747470733a2f2f7669706d6e74632e746573742e696e747261$$/signin-wsfederation, instead of https://mywebserver.xyz.intra/signin-wsfederation.

Any idea how I can achieve that?

Your help is highly appreciated.

regards, 
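Added example, not part of the original post or of F5's own tooling: a small Python helper for diagnosing this kind of portal-access/WS-Federation mismatch. It decodes the `/f5-w-<hex>$$` prefix visible in the rewritten URL above (the hex is the ASCII bytes of the backend origin, as can be checked against the URL in the question), builds the rewritten form for a backend URL, and pulls `wtrealm`/`wreply` out of the sign-in URL to show that the reply target is the internal hostname rather than the public portal host. The sample URLs are the ones quoted in the question; the regex, the function names and the assumption that the prefix is always `scheme://host` in hex are this example's own.

```python
import re
from urllib.parse import urlsplit, parse_qs

# URLs taken from the question above (public portal host and the IdP sign-in URL).
PORTAL_HOST = "web-portal-azuread.viarail.ca"
REWRITTEN_URL = ("https://web-portal-azuread.viarail.ca/"
                 "f5-w-68747470733a2f2f7669706d6e74632e746573742e696e747261$$/azure")
IDP_URL = ("https://login.microsoftonline.com/007eae9f-b0c2-4137-a710-16d67a6568a1/wsfed"
           "?wtrealm=https%3A%2F%2Fvipmntc.test.intra%2F"
           "&wctx=WsFedOwinState%3Dexample-state-value"   # constructed, shortened
           "&wa=wsignin1.0"
           "&wreply=https%3A%2F%2Fvipmntc.test.intra%2Fsignin-wsfederation")

# Assumed layout of the portal-access path: /f5-w-<hex of "scheme://host">$$<original path>
F5W_RE = re.compile(r"^/f5-w-([0-9a-fA-F]+)\$\$(/.*)?$")


def decode_portal_url(url):
    """Split a rewritten portal URL into (portal_host, backend_origin, backend_path).

    Returns None when the path carries no f5-w- prefix (i.e. the URL was not rewritten).
    """
    parts = urlsplit(url)
    m = F5W_RE.match(parts.path)
    if not m:
        return None
    origin = bytes.fromhex(m.group(1)).decode("ascii")
    return parts.netloc, origin, m.group(2) or "/"


def encode_portal_url(portal_host, backend_url):
    """Build the rewritten form a backend URL would take behind the portal (inverse of decode)."""
    p = urlsplit(backend_url)
    origin = f"{p.scheme}://{p.netloc}"
    path = p.path or "/"
    return f"https://{portal_host}/f5-w-{origin.encode('ascii').hex()}$${path}"


def wsfed_params(idp_url):
    """Extract the WS-Federation parameters of interest from a sign-in URL."""
    q = parse_qs(urlsplit(idp_url).query)
    return {k: q.get(k, [None])[0] for k in ("wa", "wtrealm", "wreply")}


def check_reply_reachability(idp_url, portal_host):
    """Report where the IdP will send the browser after sign-in.

    If the wreply host is not the public portal host, the browser is redirected
    straight to the backend, which is exactly the 'page cannot be reached' symptom.
    """
    p = wsfed_params(idp_url)
    if not p["wreply"]:
        return {"wreply_host": None, "via_portal": False}
    host = urlsplit(p["wreply"]).hostname
    return {"wreply_host": host, "via_portal": host == portal_host}


if __name__ == "__main__":
    print(decode_portal_url(REWRITTEN_URL))
    print(wsfed_params(IDP_URL))
    print(check_reply_reachability(IDP_URL, PORTAL_HOST))
    print(encode_portal_url(PORTAL_HOST, "https://vipmntc.test.intra/signin-wsfederation"))
```

Running it shows that the rewritten icon link encodes `https://vipmntc.test.intra`, while `wreply` (and `wtrealm`) in the sign-in URL name that same internal host directly, so the post-login redirect never passes through the portal host; that is the gap the reply below addresses.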


  • Portal Access Rewrite cannot be used this way. When using Portal, SAML must occur in BIG-IP instead of the backend app.

    If the app must perform SAML itself, publish it using its own virtual server and DNS hostname and allow access to it using APM's multi-domain mode.

    For a lot more information about this, read this doc:

    https://clouddocs.f5.com/portalaccess-alternative/main/