For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Deman's avatar
Deman
Icon for Nimbostratus rankNimbostratus
Mar 03, 2015

Hey Andrew, I may have found a solution for us. Might be a bit untidy but so far it seems to work

Here's what I did

  • Added "Advanced Resource Assignment" back to the test_universal_policy
  • Changed the sso to use multi-domain (with the only entry being the companies domain, no host entries)
  • Set both ADFS and Webtop to use the universal policy
  • Created an irule and attached it to the test webtop vs, which has the following
when HTTP_REQUEST { 
    if { [ACCESS::session data get session.logon.last.result] == 1 } {
          
        if { not ([HTTP::uri] starts_with "/vdesk/") } {
            set thiswebtop [ACCESS::session data get "session.assigned.webtop"]         
            HTTP::redirect "https://webtop.example.com/vdesk/webtop.eui?webtop=$thiswebtop&webtop_type=webtop_full"
     }
   }
}

I haven't added our external login form yet (just using the built in F5 one)

Give that a whirl.