APM
41 Topics

Decode ObjectSID from Base64-encode string
Hi, I have an APM policy in which I try to retrieve the user ObjectSID from Active Directory. The problem is that the APM gives this object as a Base64-encoded string and not in its original format. Is there any way to decode it in the APM policy or an iRule so I’ll get it at the end of the APM policy in its original SID format? E.g., I get it in the policy as AQUAAAAAAAAT1QZ9BTHHd5jj1Isdb88A== and I want the original SID format, such as S-1-5

19 Views, 0 likes, 0 Comments

two F5 iApp Citrix gateways behind same SSL LB
We need to migrate from NetScaler to BigIP. On NetScaler we have two StoreFront FQDNs and they resolve to the same VIP on the same Citrix Gateway. In other words, one Citrix gateway provides service to two different StoreFront URLs. We do this because of strict firewall rules between users and our NetScaler; they are managed by different IT teams. The end user doesn't have to whitelist another IP in their firewalls, so we can re-use the same IP to provide another StoreFront for the end user. This IP has been allowed for years.

The Citrix gateway has session policies that check the host in the HTTP header and forward the traffic to different backend StoreFronts with the -wihome parameter. If the user accesses FQDN_A, then the session policy matches and the session action forwards the traffic to -wihome Storefront_URL_A. If the user accesses FQDN_B, then the session policy matches and the session action forwards the traffic to -wihome Storefront_URL_B. This setup has worked fine on NetScaler for more than two years.

On F5 BigIP we created two gateways with the iApp template. Each iApp gateway can support one StoreFront FQDN, so we created two gateways with iApp. The two FQDNs resolve to the same IP on NetScaler, so we created a generic SSL LB in front of the two iApp gateways and attached an SNI-based traffic policy.

Now the issue is that the user can log in and authenticate with the different FQDNs, see the StoreFront UI, see the allowed app icons, and get the .ICA file, but Citrix Workspace cannot establish a VDI session with the ICA file. Citrix Workspace gets stuck at "Opening the resource Connection in progress..." and fails at "Unable to start unable to launch your applications due to an internal error. Contact your system administrator."

ICA works, so I think the traffic from end users to each iApp gateway through the front LB works and the traffic policy works based on the SNI check. Not sure why ICA works but VDI fails through the LB. However, if I move the IP to one of the iApp gateways, both ICA and VDI work without problem.

Thank you for your assistance.

8 Views, 0 likes, 0 Comments

Blazor WebSocket WebApp behind APM not working...
Dear community, we are trying to host a new web application using WebSockets. I created a WebSocket profile, but we always get the following errors:

    [2024-12-13T18:28:56.102Z] Information: Normalizing '_blazor' to 'https://remote-t.dfg.de/f5-w-687474703a2f2f73727767743238312e696e742e742e6466672e6465$$/f5-h-$$/_blazor'.
    blazor.server.js?F5CH=J:1 [2024-12-13T18:28:56.219Z] Warning: Failed to connect via WebSockets, using the Long Polling fallback transport. This may be due to a VPN or proxy blocking the connection. To troubleshoot this, visit https://aka.ms/blazor-server-using-fallback-long-polling.
    log @ blazor.server.js?F5CH=J:1
    blazor.server.js?F5CH=J:1 [2024-12-13T18:28:56.267Z] Error: The circuit failed to initialize.
    log @ blazor.server.js?F5CH=J:1
    blazor.server.js?F5CH=J:1 [2024-12-13T18:28:56.375Z] Information: Connection disconnected.
    blazor.server.js?F5CH=J:1 Uncaught (in promise) Error: Invocation canceled due to the underlying connection being closed.
        at Xt._connectionClosed (blazor.server.js?F5CH=J:1:62068)
        at Xt.connection.onclose (blazor.server.js?F5CH=J:1:51976)
        at pn._stopConnection (blazor.server.js?F5CH=J:1:91786)
        at features.reconnect.transport.onclose (blazor.server.js?F5CH=J:1:89471)
        at hn._raiseOnClose (blazor.server.js?F5CH=J:1:76756)
        at hn.stop (blazor.server.js?F5CH=J:1:76567)
        at async pn._stopInternal (blazor.server.js?F5CH=J:1:84144)
        at async pn.stop (blazor.server.js?F5CH=J:1:83975)
        at async Xt.stop (blazor.server.js?F5CH=J:1:55012)
        at async Ir.disconnect (blazor.server.js?F5CH=J:1:137836)

Without APM, the website is working fine. What am I doing wrong? I value and appreciate your time and energy and look forward to hearing from you. Thank you.

26 Views, 0 likes, 1 Comment

APM Modern Customization - modify Header in user-common.js and form in user-logon.js
Hi! I am trying to customize the modern logon pages, and as I have multiple pages, I want to modify the header section in the user-common.js file and the single logon pages in the user-logon.js file. I somehow cannot make it work; currently only the header from user-common.js gets rendered but not the user-logon.js. It seems to me that they interfere with each other the way that I try to do that.

user-common.js:

    define(['require', 'exports', 'tslib', 'module', 'apmui/page/logon/View'], function (
      require,
      exports,
      tslib_1,
      module,
      View_1
    ) {
      'use strict';
      Object.defineProperty(exports, '__esModule', { value: true });
      requirejs.config({
        map: {
          'apmui/master/View': {
            'apmui/page/logon/View': module.id,
          },
        },
      });
      /* Replacement View component */
      var CustomLogonView = /** @class */ (function (_super) {
        tslib_1.__extends(CustomLogonView, _super);
        function CustomLogonView() {
          return (_super !== null && _super.apply(this, arguments)) || this;
        }
        CustomLogonView.prototype.componentDidMount = function () {
          _super.prototype.componentDidMount.call(this);
          var header = document.getElementsByClassName('apmui-header')[0];
          header.classList.add(
            'header',
            'sticky',
            'top-0',
            'left-0',
            'z-10',
            'w-full',
            'box-border',
            'flex',
            'items-center',
            'justify-center',
            'text-sm',
            'border-b',
            'border-b-gray-300',
            'dark:border-b-neutral-700'
          );
          header.innerHTML = '<div class="flex flex-col w-full max-w-7xl p-4 gap-4 justify-between"><div class="flex flex-col w-full gap-2 overflow-hidden"><div class="flex flex-row w-full gap-8 select-none"><a class="h-14 pointer-events-none flex flex-shrink-0 place-items-center gap-4 p-8 lg:pointer-events-auto lg:p-0" href="/"><img alt="" loading="lazy" width="185" height="56" decoding="async" data-nimg="1" src="images/logo.svg" style="color: transparent;"></a><span class="flex flex-col flex-grow justify-center text-primary text-3xl font-semibold">PAGE HEADER</span></div></div></div>';
        };
        return CustomLogonView;
      })(View_1.default);
      exports.default = CustomLogonView;
    });

user-logon.js:

    define(['require', 'exports', 'tslib', 'module', 'apmui/page/logon/View'], function (
      require,
      exports,
      tslib_1,
      module,
      View_1
    ) {
      'use strict';
      Object.defineProperty(exports, '__esModule', { value: true });
      requirejs.config({
        map: {
          'apmui/master/View': {
            'apmui/page/logon/View': module.id,
          },
        },
      });
      /* Replacement View component */
      var CustomLogonView = /** @class */ (function (_super) {
        tslib_1.__extends(CustomLogonView, _super);
        function CustomLogonView() {
          return (_super !== null && _super.apply(this, arguments)) || this;
        }
        CustomLogonView.prototype.componentDidMount = function () {
          _super.prototype.componentDidMount.call(this);
          var content = document.getElementsByClassName('apmui-content')[0];
          var content = document.createElement('div');
          content.style.cssText = 'max-width: 400px; width: 100%; padding-top: 20px;';
          content.innerHTML = "<p>Please register <a href='/register.php'>here</a> if you don't have an account yet.</p>";
        };
        return CustomLogonView;
      })(View_1.default);
      exports.default = CustomLogonView;
    });

How can I then modify only the header (or footer) via the user-common.js file and the logon page content via the user-logon.js file? I'm thankful for any advice :) Greetings, Eric

51 Views, 0 likes, 3 Comments

APM file and registry key date check 8 days old
Hello Guys, I need to have an APM box and maybe an iRule for the VPN connection to check Windows file presence and a registry key. If the date is older than 8 days, users cannot access and it goes to quarantine, forcing compliance; if newer, the user can access the network. I see something with the Windows registry check value to fetch and get into a variable to manipulate with an iRule, but I don't understand exactly how to do it. Any advice? Thanks so much, Fabrizio

40 Views, 0 likes, 1 Comment

APM/OAuth2 : auto apply changes made by discovery
Hi, I've set up OAuth2 to Azure EntraID following this documentation. It works well but I'm facing one serious issue. In the OAuth provider configuration, I've enabled the discovery job to run once per day. This allows the BigIP to fetch any new certificate and/or JWT as provided by the app on EntraID. The problem is that when the certificate or the JWT changes, you have to re-apply the per-session policy in order for the change to take effect. And on multiple occasions, the access to our critical applications failed because the changes weren't applied in a timely manner. Is there a way to automatically apply the changes made by the OAuth discovery job? Running version: BigIP 17.1.1.1

Solved, 145 Views, 0 likes, 8 Comments

APM Portal access 401 error
Hi, I am trying to present the vSphere web interface via F5 APM. The page loads fine, but after login it throws an error:

    [401] This request requires HTTP authentication

I get the same error if I load vSphere using the IP address rather than the FQDN, which I believe is due to a check of the FQDN somewhere within vSphere. Is there any way around this? I have other portals presented that work fine (different vendor) and a lot of other apps on there, so I need to be a bit careful not to break anything else. I presume the answer will be to try and rewrite the URL using an iRule?

20 Views, 0 likes, 1 Comment

Yubikey APM and AzureAD question
Hey, I'm trying to add the ability to use YubiKeys as hardware keys to my SAML/Azureid logins. I saw this doc for how to do it with Okta: Application access using YubiKey Authentication with APM and Okta | DevCentral. I was wondering if there were similar instructions for Azure AD. It seems like the Okta integration relies on the Okta connector supporting YubiKey in v 16.0. We are currently running 16.1.5, but I don't see something similar in the Azure AD connector. I was wondering how other people have done this? Or if there was something I'm missing? We've been able to add YubiKeys on the Azure AD side, but they never show up when we try to use them as a 2nd factor with the BIG-IP Edge Client.

65 Views, 0 likes, 4 Comments