
Forum Discussion

mhoney_60913
Dec 04, 2013

SAML IDP - retain relay state and avoid webtop

Hello,

 

I was asked to create a SAML IDP on one of our F5’s. This I have done, tested, and it’s all working fine through a webtop. I have now been asked if it can be configured so that when one of our users clicks on a link similar to https://staging.externalcompany.com/mycompany/apage they will be authenticated and then directed automatically back to the page in the link instead of the webtop. When they click through the webtop item they lose the relay state and get presented with the standard landing page. Any ideas on how I can configure this?

 

Thanks

 

2 Replies

  • Have you considered, or does the application support SP-initiated SAML? This would generally avoid a webtop (because the APM IdP doesn't need one).

     

  • I have a workaround in an iRule. When a request comes in and has a URI which refers to the webtop, it is redirected to the default application. For me it is not a sufficient solution, but it does skip the webtop. For one application it is OK, but if you have several applications and would like to visit, for example, app 5 and make an error logging in, you will be directed to the webtop and the iRule will redirect to the default application, for example, app1. The customer wanted APP5 and got app1 - here is the whole weakness of this solution.

        when HTTP_REQUEST {
            # Act only once the access policy has allowed the session.
            if { [ACCESS::policy result] eq "allow" } {
                # The URI is lowercased before matching, so patterns must be lowercase.
                # ${partition_name} and ${webtopname} are not substituted inside the
                # braced switch body; replace them with the literal names.
                switch -glob -- [string tolower [HTTP::uri]] {
                    "/" -
                    "/my.policy" -
                    "/vdesk/webtop.eui?webtop=/${partition_name}/${webtopname}&webtop_type=webtop_full" {
                        # Webtop-related URI: send the user to the default application.
                        HTTP::respond 302 Location "https://default-application.minedomain.com"
                        return
                    }
                }
            }
        }
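
Added example (not part of either reply, and not F5 or APM code): the SP-initiated flow suggested in the first reply, shown in Python. It demonstrates how the HTTP-Redirect binding carries the deep link in RelayState, how the IdP receives it as an opaque value to echo back, and how the SP limits where it will land. The IdP URL, entityID, request ID and host allow-list are assumptions; only the deep link comes from the question.

```python
import base64
import zlib
from urllib.parse import urlencode, urlsplit, parse_qs

# Assumed names for illustration; only DEEP_LINK comes from the question.
IDP_SSO_URL = "https://idp.example.com/sso"              # hypothetical IdP endpoint
SP_ENTITY_ID = "https://staging.externalcompany.com/sp"  # hypothetical entityID
SP_DEFAULT = "https://staging.externalcompany.com/"      # standard landing page
SP_HOSTS = {"staging.externalcompany.com"}               # hosts the SP may land on
DEEP_LINK = "https://staging.externalcompany.com/mycompany/apage"


def sp_build_redirect(deep_link: str) -> str:
    """SP side: send the user to the IdP, carrying the deep link in RelayState."""
    authn_request = (
        '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        'ID="_constructed-id-1" Version="2.0" IssueInstant="2013-12-04T00:00:00Z">'
        f"<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer></samlp:AuthnRequest>"
    )
    # HTTP-Redirect binding: raw DEFLATE (no zlib header), then base64.
    deflater = zlib.compressobj(wbits=-15)
    deflated = deflater.compress(authn_request.encode()) + deflater.flush()
    query = urlencode({
        "SAMLRequest": base64.b64encode(deflated).decode(),
        "RelayState": deep_link,
    })
    return f"{IDP_SSO_URL}?{query}"


def idp_receive(redirect_url: str) -> tuple[str, str]:
    """IdP side: decode the request; RelayState is opaque and echoed unchanged."""
    params = parse_qs(urlsplit(redirect_url).query)
    xml = zlib.decompress(base64.b64decode(params["SAMLRequest"][0]), wbits=-15)
    return xml.decode(), params["RelayState"][0]


def sp_landing_page(relay_state: str) -> str:
    """SP side, after validating the assertion: follow RelayState to own hosts only."""
    parts = urlsplit(relay_state)
    if parts.scheme == "https" and parts.hostname in SP_HOSTS:
        return relay_state
    return SP_DEFAULT
```

Because the SP starts the exchange, the original URL travels with the request and comes back with the response, so no webtop is involved; the allow-list check keeps a tampered RelayState from turning the SP into an open redirector.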