Webtop Return Without Reauthentication

Graham_Alderso1 · ‎06-Mar-2017

Problem this snippet solves:

By default if you hit "/" on a VS with a webtop assigned it will terminate the session and require reauthentication. This iRule will cause the user hitting "/" to be redirected to the previously assigned webtop without needing to reauthenticate if their session is still valid.

Here are a few example scenarios this iRule helps with: 1. User goes to a webtop, leaves, and later tries to return 2. User performs SP initiated SAML auth, authenticates to the webtop VS but never sees the webtop, and later tries to go to the webtop directly 3. User leverages SAML autolaunch iRule for IdP initiated SAML, then later tries to return and get the webtop

How to use this snippet:

Apply to the virtual server hosting the webtop.

Code :

when HTTP_REQUEST {
if {
( [HTTP::cookie exists MRHSession] ) &&
( [HTTP::uri] equals "/" ) &&
( [ACCESS::session exists -state_allow [HTTP::cookie value MRHSession]] )
} then {
HTTP::redirect "/vdesk/webtop.eui?webtop=[ACCESS::session data get "session.assigned.webtop"]&webtop_type=webtop_full"
}
}

Stanislas_Piro2 · ‎23-Oct-2017

Graham,

session.policy.result.start_uri variable contains the webtop URL used after authentication. you can use it instead of recreating it!

this code also include multi-domain support.

when HTTP_REQUEST {
    if { ( [set MRHSession_cookie [HTTP::cookie value "MRHSession"]] ne "" ) and ( [ACCESS::session exists -state_allow $MRHSession_cookie] ) } then {
        if { [HTTP::uri] equals "/" && ([set start_uri [ACCESS::session data get -sid $MRHSession_cookie "session.policy.result.start_uri"]] ne "")} {
            if {![PROFILE::access domain_mode] || [URI::host [PROFILE::access primary_auth_service]] equals [HTTP::host]} {
            HTTP::redirect $start_uri
            }
        }
    }
}

Graham_Alderso1 · ‎23-Oct-2017

Nice work!

DevCentral

Webtop Return Without Reauthentication