Forum Discussion

Nolan_Jensen_23's avatar
Nolan_Jensen_23
Icon for Nimbostratus rankNimbostratus
Jan 17, 2018

Webtop with portal access and saml resources

Hello All,

 

I wanted to see if I am doing something wrong with trying to configure my webtop as it doesn't seem to be working the way I envisioned.

 

I am trying to setup a webtop that users can access a few applications externally but in order to get the functionality that I want I have it configured like this.

 

I have access policy with Logon page > AD Auth > AD Query > SSO Credential Mapping and finally all the the below advanced resources assigned

 

  • Full Webtop
  • Portal access to one of the apps
  • couple of saml connections
  • couple of webtop links

Issue

 

When ever I have a tab open to the application that is configured for portal access it will not let me access any of the saml connections. When I try to open any of the saml connections I get this error from fiddler "ReadResponse() failed: The server did not return a complete response for this request. Server returned 0 bytes" and "Secure Connection Failed" from the browser when not using fiddler.

 

If I close the tab with portal application I can then load the saml connections without any issues.

 

Please advise on what I am doing wrong.

 

Thank you!

 

application delivery
BIG-IP Access Policy Manager (APM)
portal access
saml
webtop

2 Replies

Sort By
  • Nolan_Jensen's avatar
    Nolan_Jensen
    Icon for Cirrostratus rankCirrostratus
    Jan 19, 2018

    quick update I have identified that if I turn off JavaScript Patching on the app that is setup for portal access I am able to access my saml resources.

     

    That said I still need JavaScript Patching enabled for the app to function so how can I have JavaScript patching for the portal access application but turn it off for a list of saml resources?

     

    Thanks

     

  • Nolan_Jensen's avatar
    Nolan_Jensen
    Icon for Cirrostratus rankCirrostratus
    Mar 30, 2018

    For anyone who comes across this post here was the reason for the issue and the work around provided by support.

     

    https://support.f5.com/csp/article/K15387

     

    "MRHSHint: Cookie is used for Microsoft SharePoint or for IBM Lotus Domino iNotes. MRHSHint cookie is used to carry information for SharePoint ActiveX controls."

     

    To workaround this issue, implement the following iRule on the APM virtual server:

     

    when HTTP_REQUEST { if { [HTTP::uri] contains "/saml/idp/res?id=" && [HTTP::cookie exists "MRHSHint"] } { log local0. "Removed MRHSHint cookie from request URI [HTTP::uri]" HTTP::cookie remove "MRHSHint" } }