I'm deploying an environment where two separate portals, both published via F5 with separate access profiles, are hosted on the same F5 platform.
There's hyperlinks in one of them that link to resources in the other portal. User will need to authenticate (separate authentication from the first portal) to see the resources.
The problem I'm facing is that when hyperlink is clicked, F5 believes this is a hijacking attempt. It resets the authentication session previously opened for the first portal, and shows an error on the second logon page stating that the session was reset (showing ID for the session opened beforehand on the first portal). Clicking the "Start a new session" button does not restart authentication succesfully.
I've noticed the only way to make it work will be opening a session on the second portal in the new page, then clicking the hyperlink will display "invalid username and password" and prompt for new authentication.
I've thought about writing an iRule that drops&restarts authentication session if HTTP::referrer header is populated with the first portal, but I'm struggling to do so (so far I'm stuck in a redirect loop).
Can anyone please help me with that?
So far it looks like
when ACCESS_SESSION_STARTED {
if {[HTTP::header value Referer] equals "https://firstsite/" } {
ACCESS::session remove
ACCESS::respond 302 noserver Location "/"
return
}
}
