Support for POST preservation when APM Multidomain SSO is configured

Problem this snippet solves: F5 doesn't support the preservation of the initial POST request when the Virtual Server has an access profile configured for Multidomain SSO. After authentication, the u...
Published Oct 23, 2017
Version 1.0
BIG-IP Access Policy Manager (APM)
devops
iRules
multi domain
post preservation
security
SSO
Stanislas_Piro2's avatar
Stanislas_Piro2
Icon for Cumulonimbus rankCumulonimbus
Oct 27, 2017

Hi,

 

Really nice work. I never saw How POST requests were handled for new session. you made this code have almost the same behavior as single domain SSO!

 

here are some code improvements:

 

add query string parameters (with or without query string parameters):

 

set uri [HTTP::path]?[join "[HTTP::query] ct=[URI::encode [HTTP::header Content-Type]] f5-mdsso-post=1" &]

In your http code to resubmit, you don't manage existing query string (the action is [HTTP::path]).

 

you can use the following action to remove your parameters :

 

set action [string trimrigth [getfield HTTP::uri "ct=" 1] ?&]

limit ACCESS::session usage :

 

change the first condition with :

 

if { ![set active_session [ACCESS::session exists [HTTP::cookie MRHSession]]]

then for next conditions:

 

  if { $active_session && ...