Forum Discussion

eirikn's avatar
eirikn
Icon for Nimbostratus rankNimbostratus
Apr 27, 2016

Sharepoint 2013 Login redirect iRule problems

Hi,

I'm having a problem with a Irule applied to a VS loadbalancing a sharepoint site.

 when HTTP_REQUEST {
  switch [HTTP::host] {

    sh.domain.com {


      if { [active_members SHAREPOINT_2013_HTTPS_pool] < 1 } { HTTP::respond 200 content {some content} }  
     if { ( [string tolower [HTTP::uri]] contains "login.aspx" ) and ( [IP::addr [IP::client_addr] equals 10.0.0.0/8]) } { HTTP::redirect "https://sh.domain.com/_windows/default.aspx?ReturnUrl=/" }

      pool SHAREPOINT_2013_HTTPS_pool
    }

    sh.domain2.com {
      if { [active_members SHAREPOINT_2013_HTTPS_pool] < 1 } { HTTP::respond 200 content {some content} }  
      if { ( [string tolower [HTTP::uri]] contains "login.aspx" ) and ( [IP::addr [IP::client_addr] equals 10.0.0.0/8] ) } { HTTP::redirect "https://sh.domain2.com/_windows/default.aspx?ReturnUrl=/" }
      pool SHAREPOINT_2013_HTTPS_pool
    }
  }
}

What happens:

Internal users:

User wants to access URL: https://sh.domain.com/testguy

Without the irule, internal clients connects to the sharepoint site from a ip in the 10.0.0.0/8 subnet, and are automaticly redirected to a sharepoint login page. The user then has to click a link to log inn. Clicking this link does nothing but redirect to https://sh.domain.com/_windows/default/.aspx?ReturnUrl=/testguy

With the iRule, internal clients buypass the login screen correctly, but they are riderected to the home page of sharepoint (another redirect that happens when you request https://sh.domain2.com/_windows/default.aspx?ReturnUrl=/)

Trying to access the original URL : https://sh.domain.com/testguy again within the same browser now works correctly because the user is never redirected to login page, and therefor just sent straight to the pool.

External users:

Is currently working as expected. They are sent to login page, and have to click the login button and present credentials, and then redirected to the correct page.

How can I have my internal users buypass the login page, and automaticly redirected to the requested URI?

Is there a way to append the original URI to https://sh.domain2.com/_windows/default.aspx?ReturnUrl=/[HTTP::uri] without causing a redirection loop?

I have tried the above statement, but it creates a loop because the HTTP:uri is now the login page.

Appreciate all input!

application delivery
http redirection
iRules
LTM
sharepoint
sharepoint 2013
  • Yann_Desmarest's avatar
    Yann_Desmarest
    Icon for Cirrus rankCirrus
    Apr 27, 2016

    Hello,

     

    I think that the login page does a little more than just redirecting an internal user to the initially requested page. Maybe, Sharepoint do kerberos auth or add some session cookies.

     

    Maybe you can try to replace ReturnURL=/ by ReturnURL=[HTTP::path] or returnURL=[HTTP::uri]

     

    can you post the complete URI used for the login page ?

     

    One way can be to trap the original uri when seeing the Login.aspx request and replace the returnURL query string present in the header Location of the 302 redirect response.