For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Michael_Koyfma1's avatar
Michael_Koyfma1
Icon for Cirrus rankCirrus
Oct 08, 2015

I think I am going to hazard a guess what's going on wrong here. If the user navigates away from the webtop, and hits the virtual again, they will be sent to the login page even if they present a valid MRHSession cookie. You can control that behavior using an irule as well:

when HTTP_REQUEST {
   if { ( [HTTP::cookie exists MRHSession] ) and ( [ACCESS::session exists -state_allow [HTTP::cookie value MRHSession]] )  and ( [HTTP::uri] equals "/" ) } {
     HTTP::redirect "https://[HTTP::host]/vdesk/webtop.eui?webtop=/Common/portal_webtop&webtop_type=webtop_full"
   }
}
Rabbit23_116296's avatar
Rabbit23_116296
Icon for Nimbostratus rankNimbostratus
Oct 14, 2015
Thank you both very very much. Understanding the ACCESS::session methods was the key here that I clearly didn't have. Steak dinners on me! if the URI isn't a redirect to an SP resource, and it's an active session - redirect to the SAML SP resource if { ( [HTTP::cookie exists MRHSession] ) and ( [ACCESS::session exists -state_allow [HTTP::cookie value MRHSession]] ) and ( [HTTP::uri] equals "/" ) } { switch [string tolower [HTTP::host]] { "learning.pseudo.com" { log local0.notice "~~~~~~~~~~~~~~Cookie matches and allowed for LEARNING: Looks like we found an IDP initiated with URI: [HTTP::uri]" HTTP::redirect "https://learning.pseudo.com/saml/idp/res?id=/SSO/kallidus" } "bluetube.pseudo.com" { log local0.notice "~~~~~~~~~~~~~~Cookie matches and allowed for BLUETUBE: Looks like we found an IDP initiated with URI: [HTTP::uri]" HTTP::redirect "https://bluetube.pseudo.com/saml/idp/res?id=/SSO/Kaltura" } "recruitment.pseudo.com.com" { log local0.notice "~~~~~~~~~~~~~~Cookie matches and allowed for RECRUITMENT: Looks like we found an IDP initiated with URI: [HTTP::uri]" HTTP::redirect "https://recruitment.pseudo.com/saml/idp/res?id=/SSO/recruitment" } } }