Forum Discussion
Simple APM + irule question
I have a relatively easy Access Policy, but have one little thing I need help with.
I have a policy applied to a virtual that essentially displays a decision box. If they select yes they go through a password reset process. If they select NO...well, that's the issue.
If they select yes they go through the password reset process. At the end of that I display a message box saying "you successfully changed your password" and by default there is the "select continue" option. When they select continue i essentially have it mapped to "allow" but what I would like to do is redirect them to an external web site once that select continue.
Furthermore if the user gets to the virtual and selects "No" on the initial decision box I just want to redirect them to an external site.
I can easily write an irule that looks for the http_request and redirects them, but apparently this takes place before the access policy kicks in.
So how do I make it so that:
- user goes to virtual server IP
- user gets access policy
- If user selects "no" on initial decision box they are kicked to an external website
- If user selects "yes" they continue on through the access policy and at the end when they click "continue" from the message box they are then forwarded to the external website.
Once again, I thought it would be as simple as putting an irule on the resource and then just making it so that if they select "no" the action was "allow" - which in turn would let them access the resource which would invoke the irule and send them to the site, but like I said the irule is hitting before the access policy so my whole process is kind of messed up now.
when ACCESS_POLICY_COMPLETED { ACCESS::respond 302 noserver Location "; }
- dp_119903Cirrostratus
when ACCESS_POLICY_COMPLETED { ACCESS::respond 302 noserver Location "; }
- dp_119903Cirrostratus
well that worked when I was just doing a simple apm policy like I described. But I decided to add SAML auth so that I could push this to our external IDP before accessing it and that apparently breaks it again. I guess after the SAML auth is successful it triggers a ACCESS_POLICY_COMPLETED b/c now after it does the SAML auth it immediately forwards to the website - before going through the decision tree and all of that.
Hmmm...thoughts?
- Stanislas_Piro2Cumulonimbus
You can create a new policy ending with action redirect.
In this ending, configure the redirect uri and if you want to close the session or not.
It’s better than use an irule for that
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com