Webtop Return Without Reauthentication
Problem this snippet solves:
By default if you hit "/" on a VS with a webtop assigned it will terminate the session and require reauthentication. This iRule will cause the user hitting "/" to be redirected to the previously assigned webtop without needing to reauthenticate if their session is still valid.
Here are a few example scenarios this iRule helps with: 1. User goes to a webtop, leaves, and later tries to return 2. User performs SP initiated SAML auth, authenticates to the webtop VS but never sees the webtop, and later tries to go to the webtop directly 3. User leverages SAML autolaunch iRule for IdP initiated SAML, then later tries to return and get the webtop
How to use this snippet:
Apply to the virtual server hosting the webtop.
Code :
when HTTP_REQUEST {
if {
( [HTTP::cookie exists MRHSession] ) &&
( [HTTP::uri] equals "/" ) &&
( [ACCESS::session exists -state_allow [HTTP::cookie value MRHSession]] )
} then {
HTTP::redirect "/vdesk/webtop.eui?webtop=[ACCESS::session data get "session.assigned.webtop"]&webtop_type=webtop_full"
}
}Published Mar 07, 2017
Version 1.0
Graham_Alderso1
Employee
EmployeeGraham_Alderso1Employee
Employee
Stanislas_Piro2Cumulonimbus
Graham,
variable contains the webtop URL used after authentication. you can use it instead of recreating it!session.policy.result.start_urithis code also include multi-domain support.
when HTTP_REQUEST { if { ( [set MRHSession_cookie [HTTP::cookie value "MRHSession"]] ne "" ) and ( [ACCESS::session exists -state_allow $MRHSession_cookie] ) } then { if { [HTTP::uri] equals "/" && ([set start_uri [ACCESS::session data get -sid $MRHSession_cookie "session.policy.result.start_uri"]] ne "")} { if {![PROFILE::access domain_mode] || [URI::host [PROFILE::access primary_auth_service]] equals [HTTP::host]} { HTTP::redirect $start_uri } } } }
Graham_Alderso1Nice work!