cancel
Showing results for 
Search instead for 
Did you mean: 

iRule to restart APM session

CA_Valli
Cirrocumulus
Cirrocumulus

Hello, 

I'm deploying an environment where two separate portals, both published via F5 with separate access profiles, are hosted on the same F5 platform. 

There's hyperlinks in one of them that link to resources in the other portal. User will need to authenticate (separate authentication from the first portal) to see the resources. 

The problem I'm facing is that when hyperlink is clicked, F5 believes this is a hijacking attempt. It resets the authentication session previously opened for the first portal, and shows an error on the second logon page stating that the session was reset (showing ID for the session opened beforehand on the first portal). Clicking the "Start a new session" button does not restart authentication succesfully. 

I've noticed the only way to make it work will be opening a session on the second portal in the new page, then clicking the hyperlink will display "invalid username and password" and prompt for new authentication. 

I've thought about writing an iRule that drops&restarts authentication session if HTTP::referrer header is populated with the first portal, but I'm struggling to do so (so far I'm stuck in a redirect loop). 

Can anyone please help me with that?

So far it looks like

 

 

when ACCESS_SESSION_STARTED {
	if {[HTTP::header value Referer] equals "https://firstsite/" } {
            ACCESS::session remove
            ACCESS::respond 302 noserver Location "/"
            return
    }
}

 

 

 Thanks in advance

CA

1 ACCEPTED SOLUTION

CA_Valli
Cirrocumulus
Cirrocumulus

solved with brand new code to manage cookies.

View solution in original post

1 REPLY 1

CA_Valli
Cirrocumulus
Cirrocumulus

solved with brand new code to manage cookies.