cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

Help with Access policy and embedded links asking for login again

Rosieodonell
Cirrus
Cirrus

Hey Everyone,

 

I have virtual server that has a log in page (webpage A) that request AD authentication and 2 factor for a user. It opens up to a SharePoint site and on one of the SharePoint pages it has a "URL" that points to another location (webpage B) on another pool. I have an irule that looks like this for the virtual server:

 

when HTTP_REQUEST {  if {[info exists accessbypass] && ($accessbypass equals "1") && [string tolower [HTTP::host]] starts_with "webpageB"} {    ACCESS::disable    pool webpageB_80_pool  } elseif {[string tolower [HTTP::host]] starts_with "webpageB"}{    ACCESS::enable    pool webpageB_80_pool    set accessbypass 1  } else {    ACCESS::enable    set accessbypass 1  } }

 

So basically when a user logs into webpageA they get the prompt and sign in fine. they then click on the link on webpageA to webpageB and get prompted for a sign in again. I want it to not prompt the user for a log-in if they have already signed into webpageA and get redirected to webpageB. However if they go directly to webpageB i want to have them sign in. This traffic is all on the same virtual server. I have tried setting the "profile scope" to virtual server and global but that didn't help.

 

Hopefully someone has a suggestion to help me?

1 ACCEPTED SOLUTION

Rosieodonell
Cirrus
Cirrus

Hey Everyone,

 

i did a different work around to make this work. I used a rewrite profile and a irule to fix my issue. The rewrite profile allowed me to rewrite the traffic if the users had a link that started with the following:

 

https://webpageA.company.com/loginportal/

 

and changed the traffic to:

 

http://webpageB.company.com/

 

on the back end. It would then leave all the remaining webpageA traffic alone. Same with the irule:

 

when HTTP_REQUEST {

  switch -glob -- [string tolower [HTTP::uri]] {

    "/loginportal" -

    "/loginportal/*" {

      pool webpageB_80_pool

    }

    "*CONTAINS*" {}

    "STARTSWITH*" {}

    "*ENDSWITH" {}       

  }

}

 

All the normal webpageA traffic worked fine but the traffic with the URL link "loginportal/" went to the new pool correctly. Just wanted to share what i did to fix it and not leave a question up in devcentral.

View solution in original post

1 REPLY 1

Rosieodonell
Cirrus
Cirrus

Hey Everyone,

 

i did a different work around to make this work. I used a rewrite profile and a irule to fix my issue. The rewrite profile allowed me to rewrite the traffic if the users had a link that started with the following:

 

https://webpageA.company.com/loginportal/

 

and changed the traffic to:

 

http://webpageB.company.com/

 

on the back end. It would then leave all the remaining webpageA traffic alone. Same with the irule:

 

when HTTP_REQUEST {

  switch -glob -- [string tolower [HTTP::uri]] {

    "/loginportal" -

    "/loginportal/*" {

      pool webpageB_80_pool

    }

    "*CONTAINS*" {}

    "STARTSWITH*" {}

    "*ENDSWITH" {}       

  }

}

 

All the normal webpageA traffic worked fine but the traffic with the URL link "loginportal/" went to the new pool correctly. Just wanted to share what i did to fix it and not leave a question up in devcentral.