Support for POST preservation when APM Multidomain SSO is configured

Problem this snippet solves: F5 doesn't support the preservation of the initial POST request when the Virtual Server has an access profile configured for Multidomain SSO. After authentication, the u...
Published Oct 23, 2017
Version 1.0
BIG-IP Access Policy Manager (APM)
devops
iRules
multi domain
post preservation
security
SSO
Yann_Desmarest's avatar
Yann_Desmarest
Icon for Cirrus rankCirrus
Oct 25, 2017

Hi Stanislas,

 

it works fine. Here an example. This use case is correctly managed by F5 on the IDP side.

 

POST /action_page.php HTTP/1.1 Host: sp.expertlab.net Connection: keep-alive Content-Length: 31 Pragma: no-cache Cache-Control: no-cache Origin: http://sp.expertlab.net Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/60.0.3112.113 Chrome/60.0.3112.113 Safari/537.36 Content-Type: application/x-www-form-urlencoded Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Referer: http://sp.expertlab.net/test Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.8 Cookie: LastMRH_Session=13f5b45f; MRHSession=c2ba3c8cb4fa94f73a5a677513f5b45f

 

HTTP/1.0 307 Temporary Redirect Location: http://idp.expertlab.net/F5Networks-SSO-Req?SSO_ORIG_URI=aHR0cDovL3NwLmV4cGVydGxhYi5uZXQvYWN0aW9uX3BhZ2UucGhwP2N0PWFwcGxpY2F0aW9uJTJmeC13d3ctZm9ybS11cmxlbmNvZGVk Connection: close Content-Length: 0

 

POST /F5Networks-SSO-Req?SSO_ORIG_URI=aHR0cDovL3NwLmV4cGVydGxhYi5uZXQvYWN0aW9uX3BhZ2UucGhwP2N0PWFwcGxpY2F0aW9uJTJmeC13d3ctZm9ybS11cmxlbmNvZGVk HTTP/1.1 Host: idp.expertlab.net Connection: keep-alive Content-Length: 31 Pragma: no-cache Cache-Control: no-cache Origin: null Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/60.0.3112.113 Chrome/60.0.3112.113 Safari/537.36 Content-Type: application/x-www-form-urlencoded Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Referer: http://sp.expertlab.net/test Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.8 Cookie: F5_ST=1z1z1z1508964180z604800; LastMRH_Session=b9303aab; MRHSession=8fff3a92fa20f06f74771e92b9303aab

 

HTTP/1.1 307 Temporary Redirect Server: BigIP Connection: Close Content-Length: 0 Location: http://sp.expertlab.net/F5Networks-SSO-Resp?SSO_ORIG_URI=aHR0cDovL3NwLmV4cGVydGxhYi5uZXQvYWN0aW9uX3BhZ2UucGhwP2N0PWFwcGxpY2F0aW9uJTJmeC13d3ctZm9ybS11cmxlbmNvZGVk&TOKEN=261ef078 Set-Cookie: LastMRH_Session=b9303aab;path=/ Set-Cookie: MRHSession=8fff3a92fa20f06f74771e92b9303aab;path=/

 

POST /F5Networks-SSO-Resp?SSO_ORIG_URI=aHR0cDovL3NwLmV4cGVydGxhYi5uZXQvYWN0aW9uX3BhZ2UucGhwP2N0PWFwcGxpY2F0aW9uJTJmeC13d3ctZm9ybS11cmxlbmNvZGVk&TOKEN=261ef078 HTTP/1.1 Host: sp.expertlab.net Connection: keep-alive Content-Length: 31 Pragma: no-cache Cache-Control: no-cache Origin: null Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/60.0.3112.113 Chrome/60.0.3112.113 Safari/537.36 Content-Type: application/x-www-form-urlencoded Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Referer: http://sp.expertlab.net/test Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.8 Cookie: LastMRH_Session=13f5b45f; MRHSession=c2ba3c8cb4fa94f73a5a677513f5b45f

 

HTTP/1.1 307 Temporary Redirect Server: BigIP Connection: Close Content-Length: 0 Location: http://sp.expertlab.net/action_page.php?ct=application%2fx-www-form-urlencoded Set-Cookie: LastMRH_Session=b9303aab;path=/ Set-Cookie: MRHSession=8fff3a92fa20f06f74771e92b9303aab;path=/

 

POST /action_page.php?ct=application%2fx-www-form-urlencoded HTTP/1.1 Host: sp.expertlab.net Connection: keep-alive Content-Length: 31 Pragma: no-cache Cache-Control: no-cache Origin: null Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/60.0.3112.113 Chrome/60.0.3112.113 Safari/537.36 Content-Type: application/x-www-form-urlencoded Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Referer: http://sp.expertlab.net/test Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.8 Cookie: LastMRH_Session=b9303aab; MRHSession=8fff3a92fa20f06f74771e92b9303aab

 

firstname=Mickey&lastname=Mouse

 

HTTP/1.0 200 OK Content-Type: text/html Server: BigIP Connection: Keep-Alive Content-Length: 324