Forum Discussion
Webtop Deeplink
A variation on a previous post:
https://devcentral.f5.com/questions/apm-open-a-second-startup-browser-after-the-webtop-portal-launch
Solution: layered virtuals - external LTM HTTPS VIP with SSL offload, STREAM profile, and iRule. Internal APM HTTP VIP with portal configuration and webtop.
iRule:
when HTTP_REQUEST {
STREAM::disable
if { ( [HTTP::uri] starts_with "/f5-w-" ) and not ( [ACCESS::policy result] eq "allow" ) } {
HTTP::respond 302 Location "https://[HTTP::host]" "Set-Cookie" "f5deeplink=[URI::encode [HTTP::uri]]; path=/"
} elseif { ( [HTTP::uri] starts_with "/vdesk/webtop.eui?webtop=" ) and ( [HTTP::cookie exists f5deeplink] ) } {
set catch [HTTP::cookie value f5deeplink]
}
virtual simple-vs
}
when HTTP_RESPONSE {
if { [info exists catch] } {
STREAM::expression "@@ @"
unset catch
STREAM::enable
HTTP::header insert "Set-Cookie" "f5deeplink=deleted; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT"
}
}
How it works:
-
If the user attempts to go to a deep link first, a link inside the portal that starts with "/f5-w-", we'll set a cookie containing the requested URI and then redirect to the main page for login.
-
Else if the request is for the webtop (after successful authentication) and the f5deeplink cookie exists, set a catch flag.
-
Use the virtual command to send the traffic to the internal APM VIP.
-
In the HTTP_RESPONSE event, if the catch variable exists, use the STREAM profile to inject a small piece of JavaScript at the end of the portal webtop page. This JavaScript will invoke the "F5_Inkvoke_open" function with the specified URI. This function is normally used within the webtop to open internal resources.
-
Send a Set-Cookie header to delete the f5deeplink cookie so that the requested tab only opens once.
The above will force the user to authenticate through the main portal logon, and then open a second tab to the requested resource. Also, because you're using JavaScript to open a new tab without user intervention, most browsers will see this as a popup and either block it or warn you. You'll need to add this site to a trusted hosts list to prevent the warning.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com