SSO HTTP Forms with variably uri

You can assign variable with variable assign. It support tcl code.

How can you retrieve this variable part of uri?

Are there multiple static values or is it a non predictable value?

This variable it's non predictable value.

I created Irule for extract uri:

when HTTP_REQUEST {
if {[HTTP::uri] contains "/idp/SSO.ping" && [HTTP::uri] contains "_"} {
    set SSO_URI [regsub -nocase {/f5\-w\-[0-9a-f]+\$\$} [HTTP::uri] ""]
    ACCESS::session data set session.lmt.sso.starturi "$SSO_URI"
    }

}

And connfigured the SSO configuration HTTP Form.

It's working.

However, Can we add the URI extraction in the VPE with "Variable Assign" ?

Thanks

Hi,

HTTP_REQUEST is not the good event to use as it is evaluated for any following requests and not only during policy evaluation.

you can do it with (event only evaluated when new session):

when ACCESS_SESSION_STARTED {
    if {[set uri [HTTP::uri]] contains "/idp/SSO.ping" && $uri contains "_"} {
        if {[scan $uri {/f5-w-%[^$]$$%s} garbage SSO_URI] == 2} {
            ACCESS::session data set session.lmt.sso.starturi "$SSO_URI"
        } else { 
            ACCESS::session data set session.lmt.sso.starturi $uri
        }
    }
}

or variable assign

session.lmt.sso.starturi =

if {[scan [mcget {session.server.landinguri}] {/f5-w-%[^$]$$%s} garbage SSO_URI] == 2} {
    return $SSO_URI
} else { return [mcget {session.server.landinguri}]}

If you want to evaluate this code for every requests, you must use ACCESS_ACL_ALLOWED event (same as HTTP_REQUEST but after APM and rewrite profile). in this event there is no need to parse HTTP::uri.

I have modify my irule with ACCESS_ACL_ALLOWED event. It's working

Thanks for your help

like that?

when ACCESS_ACL_ALLOWED {
    if {[HTTP::uri] contains "/idp/SSO.ping" && [HTTP::uri] contains "_"} {
        ACCESS::session data set session.lmt.sso.starturi [HTTP::uri]
    }
}

Yes :-)