Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Original URL redirect after APM authentification

mohammed1
Nimbostratus
Nimbostratus

‎16-Sep-2019 03:09

I need user gets automatically redirected to the original URI after the APM authentication is completed successfully.

 

Your help please

Thanks

Labels:
0 Kudos
5 REPLIES 5

youssef1
Cumulonimbus
Cumulonimbus

‎16-Sep-2019 04:36

Hi,

 

you simply create an assign variable before the end of your VPE and you set it as follows:

 

You can do IT manually, this means that whatever the user enters as URL, he will be redirected to the desired URL at the end of the authentication process.

 

Custom variables:

session.policy.result.redirect.url

 

custom Expression:

return "/myurl/"

 

otherwise the APM does it automatically. with the landing URI.

keep me in touch if you need more details. and if I answer to your need.

regards

0 Kudos

mohammed1
Nimbostratus
Nimbostratus

‎16-Sep-2019 08:31

Thank you for your fast response.

 

This is our expected behavior:

  • An internal application generates a link to an internal ressource (e.g. a downloadable PDF, etc.) and sends it by email to various recepients.
  • From the internet, when the user follows the recieved link, and is promted to authenticate via APM.
  • After successful authentication, the user needs to see the intended ressource. I.e. download the PDF.

 

Current behaviror:

  • After successful authentication, the user is redirected to the homepage of the web app. He needs extra navigation steps to get to the desired resource.
0 Kudos

Sajid
Cirrostratus
Cirrostratus

‎16-Sep-2019 11:30

Hi Mohammed,

 

Yes, I have achieved this for ezproxy (SaaS) application with SAML.

 

You need irule for landinguri

 

when ACCESS_POLICY_COMPLETED {

  switch -glob [string tolower [ACCESS::session data get session.server.landinguri]] {

  

 

***************************************************************************

  1. when HTTP_REQUEST {
  2. if { ( [HTTP::cookie exists MRHSession] ) and not ( [ACCESS::session exists -state_allow [HTTP::cookie value MRHSession]] ) } {
  3. if { ( [HTTP::uri] ne [ACCESS::session data get session.server.landinguri] ) and not ( [ACCESS::session data get session.server.landinguri] eq "" ) } {
  4. HTTP::redirect [ACCESS::session data get session.server.landinguri]
  5. }
  6. }
  7. }

from: https://devcentral.f5.com/s/question/0D51T00006i7PLA/access-policy-evaluation-is-already-in-progress...

 

https://clouddocs.f5.com/api/irules/ACCESS_POLICY_COMPLETED.html

 

K91940158: How to auto-launch SAML SP resources

 

https://support.f5.com/csp/article/K91940158

 

0 Kudos

youssef1
Cumulonimbus
Cumulonimbus

‎16-Sep-2019 12:09 - last edited on ‎01-Jun-2023 14:45 by Fog

Hi,

You have a strange behaviour.

By design, APM redirect the user to the session.server.landinguri after APM policy completed.

The session.server.landinguri is filled with the very first request the user do to your application. So, this var should be good for your need.

Can you test this irule by the way:

when ACCESS_POLICY_COMPLETED {
  set mylandinguri [ACCESS::session data get "session.server.landinguri"]
  ACCESS::respond 302 "Location" "$mylandinguri" "Connection" "Close"
}

It will respond to your need.

regards

0 Kudos

Nikoolayy1
MVP
MVP
In response to youssef1

‎30-Jun-2023 08:52

Have you tested this irule as on 16.1.3.5 this breaks the web page and there are TCL errors? I think that ACCESS:respond works well to return a custom page if the auth fails or the access policy is successfull but not for redirection.

0 Kudos
Copyright © 2023 Khoros, LLC