Sharepoint 2010 APM working but wierd issue

What behavior did you expect? You mention click on the link to the Sharepoint, are you leverage APM Dynamic Webtop to publish Sharepoint? OR can you please better explain the statement "after you login and get a link to the Sharepoint site.."?

Yes I have a webtop to publish the link to the internal sharepoint site. Once you log in to APM and authenticate to AD you get the webtop with the sharepoint site link. You click on the link and a new window opens up with the sharepoint site. That's fine.

 

 

BUT if you then open a NEW IE browser window and go to the initial APM virtual server link instead of it bringing you to a login screen it opens the sharepoint site's root directory.

 

 

Hope I'm explaining this clearly but in my opinion if you open a new browser window while the other sharepoint window is open and access the F5 APM virtual server it should either bring you to that same sharepoint directory or to the APM virtual server login page. Not bring you to a directory on the sharepoint site that was not allowed any access to through the access policy.

 

 

I have a ticket open with F5 on this but they have not responded in two days. I'm about to call in and get an update.

F5 says I have to use ACLs to prevent this from happening. It seems like there should be a way to use an irule perhaps to determine if there is already a session existing when someone hits the APM virtual server and it tries to access that root folder to redirect them to the path we have allowed in the access policy.

Phatboy, Did you set SharePoint up under Portal Access? How did you configure the resource items? Do you have a top level resource item for /*? One issue that you run into with SP is that it always wants to redirect based on what it thinks is best, which isn't always correct.

 

 

There are a couple of ways that I normally have to work around these issues. One of which involves redirecting based on URI and another is changing out host headers so that the AAM doesn't mess everything up. You also need to ensure that you have your rewrite and patching configured (Full w/HTML, Java, and CSS) do not match case. SharePoint has a habit of changing camel-case and messing up matching.

 

 

If you are looking for an iRule based solution, you have a couple options, if you want it to be invisible to the user, or if you just want to do a redirect, etc. You could set a session variable at Access_Session_Started which happens only for a NEW session, maybe something like the following.

 

 

when ACCESS_SESSION_STARTED {

 

ACCESS::session data set session.custom.newsession "true"

 

}

 

 

Note: "true" doesnt return as boolean, so when you check the value you need to treat it as a string comparison.

 

 

And then check for that on HTTP_REQUEST which will happen twice, once on the initial connect, then after the Access_Session_Started, and you could either change the URI transparently or redirect.

 

 

No Redirect: https://devcentral.f5.com/weblogs/joe/archive/2005/07/27/ModifyingUriWithoutRedirect.aspx

 

With Redirect: https://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/1090523/Redirects-Rewrites-and-App-Transfers-via-iRules.aspx

 

 

You can also use APM's session variables which are set automatically, LastMRH, etc.