cancel
Showing results for 
Search instead for 
Did you mean: 
Graham_Alderso1
F5 Employee
F5 Employee

Problem this snippet solves:

By default if you hit "/" on a VS with a webtop assigned it will terminate the session and require reauthentication. This iRule will cause the user hitting "/" to be redirected to the previously assigned webtop without needing to reauthenticate if their session is still valid.

Here are a few example scenarios this iRule helps with: 1. User goes to a webtop, leaves, and later tries to return 2. User performs SP initiated SAML auth, authenticates to the webtop VS but never sees the webtop, and later tries to go to the webtop directly 3. User leverages SAML autolaunch iRule for IdP initiated SAML, then later tries to return and get the webtop

How to use this snippet:

Apply to the virtual server hosting the webtop.

Code :

when HTTP_REQUEST {
if {
( [HTTP::cookie exists MRHSession] ) &&
( [HTTP::uri] equals "/" ) &&
( [ACCESS::session exists -state_allow [HTTP::cookie value MRHSession]] )
} then {
HTTP::redirect "/vdesk/webtop.eui?webtop=[ACCESS::session data get "session.assigned.webtop"]&webtop_type=webtop_full"
}
}
Comments
Stanislas_Piro2
Cumulonimbus
Cumulonimbus

Graham,

 

session.policy.result.start_uri variable contains the webtop URL used after authentication. you can use it instead of recreating it!

 

this code also include multi-domain support.

 

when HTTP_REQUEST { if { ( [set MRHSession_cookie [HTTP::cookie value "MRHSession"]] ne "" ) and ( [ACCESS::session exists -state_allow $MRHSession_cookie] ) } then { if { [HTTP::uri] equals "/" && ([set start_uri [ACCESS::session data get -sid $MRHSession_cookie "session.policy.result.start_uri"]] ne "")} { if {![PROFILE::access domain_mode] || [URI::host [PROFILE::access primary_auth_service]] equals [HTTP::host]} { HTTP::redirect $start_uri } } } }
Graham_Alderso1
F5 Employee
F5 Employee

Nice work!

 

Version history
Last update:
‎06-Mar-2017 17:57
Updated by:
Contributors