Forum Discussion

Ciscokid2010_28's avatar
Ciscokid2010_28
Icon for Nimbostratus rankNimbostratus
Jun 23, 2017

Vanity URL Redirect

We're working on migrating vanity URL's off a HTTP redirect server and on to the BIG-IP. Ultimately what we'd like to achieve is to have the BIG-IP redirect the vanity URL to the correct SSO URL (usually an IdP initiated link in PINGFED).

 

Currently, the redirect server has a binding for port 80 & 443, the 443 binding for each site uses the same wildcard certificate – we would obviously need to important this cert into the BIG-IP.

 

We'd like to create a new virtual server on the BIG-IP, and an irule that redirects vanity URL to correct SSO URL so we can migrate each site, one by one.

 

This is what I have so far for the irule:

 

when HTTP_REQUEST { if { [HTTP::host] equals "my-app-111.vanity-url.com" } { HTTP::redirect "https://my-app-111.mycompany-actual.com/idp/startSSO.ping?PartnerSpId=my-app-111"; }

 

Can anyone provide some suggestions on how to achieve this setup?

 

  • Whatever you have stated so far including the solution looks reasonable. Is there a problem that you are facing with the migration process ?

     

  • I forgot to mention that we have GTM in the middle, so the question how do we use the redirect server while maintaining the high availability. In the irule below:

     

    when HTTP_REQUEST { if { [HTTP::host] equals "my-app-111.vanity-url.com" } { HTTP::redirect "https://my-app-111.mycompany-actual.com/idp/startSSO.ping?PartnerSpId=my-app-111";; }

     

    Do we have to create a CNAME that points from the vanity URL domain to the GTM domain to then load balance between the two LTM VIPs that for the redirect to the actual URL? If so any configuration examples on what would be required on both the GTM and LTM?