06-Apr-2021 00:30
Hi
I have a VS which is acting as my SSO - its the landing spot for multidomain SSO.
I have a VS (it has ASM applied first) that then goes to another VS (this has APM applied)
I have a irule file with
when HTTP_REQUEST {
switch
"/status/* {
# with
HTTP::respond 200 content
}
I also have
set sid [ACCESS::session sid]
if { $sid == "" } {
how I get here is I browse to auth/status and if I have no valid cookies, then it logs me in. once I log in , I then go to the console and delete the session
but I can still get to auth/status with out the APM saying hey you cookie / session id is invalid.
how can I get irule to force a relogin back in ? and then return to auth/status ?
Why does apm allow me to get there ???
Also I have a per request policy with just does the SSO mapping item and then allow.
very confused
so why not put a back end to it. I want access to the session info
26-Apr-2021 00:53
The description of your issue is confusing and better edit your question with precise description of the issue.
For the ASM VIP to APM VIP you use Layered VS (https://support.f5.com/csp/article/K54217479) ?
You can also configure the ASM to protect the APM login page, so no one can can click other pages if they have not passed the login page:
https://support.f5.com/csp/article/K13315545
I think that you can use the Per-Request policy to force again a login.
Better review your multy domain config if you think that there are issues as you need to be carefull with profile scope (https://devcentral.f5.com/s/question/0D51T00006j20Ce/v12-apm-profile-scope😞
https://clouddocs.f5.com/training/community/iam/html/archived/class7/module1/lab7.html
For to clear APM session with iRule use "ACCESS::session remove"