i have 2 environment, prod and dev for some app. the customer is using the same URLs for each, and accessing DEV by changing the HOSTs file on the computer.
i have configured the PROD env to be published via ASM, and authentication is done using SAML by APM.
traffic of the app cannot pass the APM since the app uses "CORES" which is not supported by APM.
i was wondering if i can do some manipulation on the traffic and maybe to change the pool associated with the session
for example something like this:
1) user authenticate to the APM via SAML
2) the user will get some cookie
3) the ASM will choose the relevant pool according to the cookie
What does "CORES" mean?
AFAIU, you have the problem with passing traffic though APM and not ASM. Am I wrong?
If this is so, then this is APM related problem only, because APM gets traffic before ASM.
CORES is a browser security feature, it allows the app to send headers that instruct some security aspects that the browser should take on the presented web page
it seams that it is not supported on the APM module. to overcome this we have publish the web application using ASM, and enabled SAML authentication on the APP with another VS on the F5 with APM as IDP
CORS... got you.
So, it looks like you have a problem with APM only. Right?... and it looks like you resolved it by involving another VS. Am I right or you still have some problem?
yes you are right....
well now i have a request from the customer to allow access also to the DEV environment....
the problem both PROD and DEV uses the same FQDNs, and they are on different server..
i thought maybe by changing the selected POOL by some parameter i can have both of the environment published.