using irules to deliver pages

AlexS_yb · ‎06-Apr-2021

Hi

I have a VS which is acting as my SSO - its the landing spot for multidomain SSO.

I have a VS (it has ASM applied first) that then goes to another VS (this has APM applied)

I have a irule file with

when HTTP_REQUEST {

switch

"/status/* {

# with

HTTP::respond 200 content

}

I also have

set sid [ACCESS::session sid]

if { $sid == "" } {

how I get here is I browse to auth/status and if I have no valid cookies, then it logs me in. once I log in , I then go to the console and delete the session

but I can still get to auth/status with out the APM saying hey you cookie / session id is invalid.

how can I get irule to force a relogin back in ? and then return to auth/status ?

Why does apm allow me to get there ???

Also I have a per request policy with just does the SSO mapping item and then allow.

very confused

so why not put a back end to it. I want access to the session info

Nikoolayy1 · ‎26-Apr-2021

The description of your issue is confusing and better edit your question with precise description of the issue.

For the ASM VIP to APM VIP you use Layered VS (https://support.f5.com/csp/article/K54217479) ?

You can also configure the ASM to protect the APM login page, so no one can can click other pages if they have not passed the login page:

https://support.f5.com/csp/article/K13315545

I think that you can use the Per-Request policy to force again a login.

Better review your multy domain config if you think that there are issues as you need to be carefull with profile scope (https://devcentral.f5.com/s/question/0D51T00006j20Ce/v12-apm-profile-scope😞

https://techdocs.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-sso-13-1-0/2...

https://clouddocs.f5.com/training/community/iam/html/archived/class7/module1/lab7.html

For to clear APM session with iRule use "ACCESS::session remove"

https://clouddocs.f5.com/api/irules/ACCESS__session.html

DevCentral

using irules to deliver pages