Big-IP and ADFS Part 5 – “Working with ADFS 3.0 and SNI”
I ended up making things work with a slight variant of a script linked from this article. For some reason the HOST, RECV, and URI variable definitions early in the script weren't working, which made everything go pear-shaped, so I hardcoded them in. This means I'll have to write a separate script for each different federated server I set up, since the hostname (here, "fedserver.example.com") will be different for each external script. The node and port are correctly passed to the script by the monitor itself, so we don't have to write a separate script for each node or anything wacky like that. I uploaded the script through "System->File Management->External Monitor Program File List" and was able to use it in a new external monitor.
Here's my edited script:
```sh
#!/bin/bash
# These arguments are supplied automatically for all external monitors:
#   $1 = IP (nnn.nnn.nnn.nnn notation)
#   $2 = port (decimal, host byte order)
# The original script expects the following Name/Value pairs; this edited
# version hardcodes their values below instead:
#   HOST = fedserver.example.com
#   URI  = /FederationMetadata/2007-06/FederationMetadata.xml
#   RECV = HTTP/1.1 200

# Remove the IPv4-mapped prefix (LTM passes addresses in IPv6 format) and
# bracket anything that is not a dotted quad so curl treats it as an IPv6 literal
NODE=`echo ${1} | sed 's/::ffff://'`
if ! [[ $NODE =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
    NODE=[${NODE}]
fi
PORT=${2}

# Kill a previous instance of this check that overran the monitor interval
PIDFILE="/var/run/`basename ${0}`.sni_monitor_fedserver.example.com_${PORT}_${NODE}.pid"
if [ -f $PIDFILE ]
then
    echo "EAV exceeded runtime needed to kill fedserver.example.com:${PORT}:${NODE}" | logger -p local0.error
    kill -9 `cat $PIDFILE` > /dev/null 2>&1
fi
echo "$$" > $PIDFILE

# --resolve pins the federation hostname to this node, so the TLS SNI value and
# the Host header carry fedserver.example.com while the connection goes to the
# pool member. The port has to appear in the URL as well, or the --resolve entry
# is not used for ports other than 443. -k skips certificate verification.
curl-apd -k -s -i --resolve fedserver.example.com:${PORT}:${NODE} \
    https://fedserver.example.com:${PORT}/FederationMetadata/2007-06/FederationMetadata.xml \
    | grep -qi "HTTP/1.1 200" > /dev/null 2>&1
STATUS=$?
rm -f $PIDFILE

# LTM marks the node UP only when the script prints something
if [ $STATUS -eq 0 ]
then
    echo "UP"
fi
exit
```
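As an added example (not the poster's script or F5's own), here is a generalized version of the same SNI monitor in which the hostname, URI and expected response come from the HOST, URI and RECV variables rather than being hardcoded, so one script can serve every federation server. It assumes the monitor's Variables section exports those names as environment variables; the defaults and addresses are constructed placeholders.

```shell
#!/bin/sh
# Generalized SNI external monitor (added example, not the original script).
# LTM passes $1 = node address (IPv6 form, e.g. ::ffff:10.0.0.5) and $2 = port.
# HOST, URI and RECV are assumed to be exported by the monitor's Variables
# section; the defaults below are constructed placeholders.
HOST="${HOST:-fedserver.example.com}"
URI="${URI:-/FederationMetadata/2007-06/FederationMetadata.xml}"
RECV="${RECV:-HTTP/1.1 200}"

# Strip the IPv4-mapped prefix and bracket anything that is not a dotted quad
# so curl accepts it as an IPv6 literal.
normalize_node() {
    node="${1#::ffff:}"
    if printf '%s\n' "$node" | grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}$'; then
        printf '%s\n' "$node"
    else
        printf '[%s]\n' "$node"
    fi
}

# Build the --resolve entry that pins the federation hostname (which becomes the
# TLS SNI value and Host header) to the specific pool member being checked.
resolve_arg() {
    printf '%s:%s:%s\n' "$1" "$2" "$(normalize_node "$3")"
}

# Probe one node; returns 0 when the metadata document answers with RECV.
probe() {
    # -k keeps the poster's behaviour of skipping certificate verification.
    curl-apd -k -s -i -m 10 --resolve "$(resolve_arg "$1" "$2" "$3")" \
        "https://${1}:${2}${URI}" 2>/dev/null | grep -qi "$RECV"
}

# Only act as a monitor when LTM actually passed node and port arguments.
if [ $# -ge 2 ]; then
    PIDFILE="/var/run/$(basename "$0").sni_monitor_${HOST}_${2}_${1}.pid"
    if [ -f "$PIDFILE" ]; then
        echo "EAV exceeded runtime, killing ${HOST}:${2}:${1}" | logger -p local0.error
        kill -9 "$(cat "$PIDFILE")" >/dev/null 2>&1
    fi
    echo "$$" > "$PIDFILE"
    probe "$HOST" "$2" "$1" && echo "UP"   # LTM marks the node UP only on output
    rm -f "$PIDFILE"
fi
```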