Sharepoint 2013 Login redirect iRule problems
Hi, I'm having a problem with a Irule applied to a VS loadbalancing a sharepoint site. when HTTP_REQUEST { switch [HTTP::host] { sh.domain.com { if { [active_members SHAREPOINT_2013_HTTPS_pool] < 1 } { HTTP::respond 200 content {some content} } if { ( [string tolower [HTTP::uri]] contains "login.aspx" ) and ( [IP::addr [IP::client_addr] equals 10.0.0.0/8]) } { HTTP::redirect "https://sh.domain.com/_windows/default.aspx?ReturnUrl=/" } pool SHAREPOINT_2013_HTTPS_pool } sh.domain2.com { if { [active_members SHAREPOINT_2013_HTTPS_pool] < 1 } { HTTP::respond 200 content {some content} } if { ( [string tolower [HTTP::uri]] contains "login.aspx" ) and ( [IP::addr [IP::client_addr] equals 10.0.0.0/8] ) } { HTTP::redirect "https://sh.domain2.com/_windows/default.aspx?ReturnUrl=/" } pool SHAREPOINT_2013_HTTPS_pool } } } What happens: Internal users: User wants to access URL: https://sh.domain.com/testguy Without the irule, internal clients connects to the sharepoint site from a ip in the 10.0.0.0/8 subnet, and are automaticly redirected to a sharepoint login page. The user then has to click a link to log inn. Clicking this link does nothing but redirect to https://sh.domain.com/_windows/default/.aspx?ReturnUrl=/testguy With the iRule, internal clients buypass the login screen correctly, but they are riderected to the home page of sharepoint (another redirect that happens when you request https://sh.domain2.com/_windows/default.aspx?ReturnUrl=/) Trying to access the original URL : https://sh.domain.com/testguy again within the same browser now works correctly because the user is never redirected to login page, and therefor just sent straight to the pool. External users: Is currently working as expected. They are sent to login page, and have to click the login button and present credentials, and then redirected to the correct page. How can I have my internal users buypass the login page, and automaticly redirected to the requested URI? Is there a way to append the original URI to https://sh.domain2.com/_windows/default.aspx?ReturnUrl=/[HTTP::uri] without causing a redirection loop? I have tried the above statement, but it creates a loop because the HTTP:uri is now the login page. Appreciate all input!
3 part redirect irule query. non www to www to https
Hello All We recently moved over to F5's from another load balancer product and have been gradually moving our staging and live services over after testing has been completed. However one issue has come up. On our previous load balancer there was a http redirect in place so that when users tried to access our SharePoint site without the www. prefix it would redirect them to a specific url e.g. https://www.sharepointsite.com/sites/homepage.aspx We have it set in the SharePoint 2013 iApp to redirect http traffic to https but my understanding is to do non www to www. we need a iRule. Is that correct? I realise this may sound a fairly trivial issue but all will become clear shortly. The reason why this isn't trivial is because I won't be able to test this on our staging area, I can only apply it on live, so I have to ensure I get it right. The reason for this is our staging area is https://staging.sharepointsite.com so the iRule wont be the same as if I was redirecting non www to www. I've spent some time searching on here and haven't found anyone else in exactly the same situation but did find a rule that I think will work. Please can you advise if what I've written below will work if I introduce it into a SharePoint 2013 iApp's config as a iRule. Or if not can you offer advice on what will work please. when HTTP_REQUEST { if { [string tolower [HTTP::host]] ends_with "sharepointsite.com" } { HTTP::redirect "https://www.sharepointsite.com[HTTP::uri]" } } That to me looks like it should work but I wondered if that maybe wouldn't be the case when introduced to a iApp. Or if it may take issue with the face theres no dot/fullstop/period before the initial sharepointsite.com Thanks in advance Rhys.
[LAB HELP] troubleshoot VS-sharepoint issue
Hi all! I am studying for the 201 certification and today i've tryed a more difficult project. I am configuring on my lab a vs for display a Sharepoint service. I follow this step: - Create a pool with a Sharepoint2013. - Create a VS on 443 with: SNAT, a connection profile and the precedent pool. - Add the iRule for connect on the correct link. At the access on the VS, it show the LoginPage but it not success. I have tryed to troubleshoot it, but on the header of the request (i have used an iRule) and respond i see on the header is "HTTP status : 0". Any ideas? I've only a test f5 v10.2 with LTM. Thanks for help, -AB
SharePoint 2013 functions breaks after Big IP upgraded to version 14.2
We have a SharePoint 2013 On-premise custom application, which lost some functionality after our recent Big-Ip upgrade to version 14.2. The landing page with a few webparts (including a Calendar webpart) will only display if we disable compression, but then all SharePoint List functionality such as filtering on columns, sort, pagination, etc. don't work and when expanding ">" in a List that has been "Grouped by" columns, we see the message "Working on...". For the filtering problem, we see a message about "insecure" pages and have to allow the content to display, the filter then displays the list of selections, but then making a selection does nothing-no filtering occurs. We can fix these List issues with an iRule shown below, but then the webpart page will stop displaying. It seems like this iRule and the decompression are "working against each other". We have tried using iApp template 1.0.0, 1.2.2 and 1.2.3. IRule: when HTTP_REQUEST { tell server not to compress response HTTP::header remove Accept-Encoding disable STREAM for request flow STREAM::disable } when HTTP_RESPONSE { catch and replace redirect headers if { [HTTP::header exists Location] } { HTTP::header replace Location [string map {"; ";} [HTTP::header Location]] } only look at text data if { [HTTP::header Content-Type] contains "text" } { create a STREAM expression to replace any http:// with https:// STREAM::expression {@http://@https://@} enable STREAM STREAM::enable } } Any idea how we can have both functionality working? Thanks!
How do I disable TLS 1.1 for the SharePoint 2010-2013 IAPP v 1.2.1
I am using the SharePoint IAPP to support our SharePoint farm. We are on 2013. We need to disable TLS 1.0 and 1.1 and I want to do so without breaking our SharePoint implementation. I am not able to change the existing SSL Client Profile because I am using the IAPP. Guidance for the best way to resolve this would be very much appreciated.
Help designing an access policy to work across multiple subdomains in Sharepoint?
I have a working access policy that works great for a pool of Sharepoint servers. My problem is when the user authenticates using username and password to dept1.mine.com they are prompted again when they click a link that goes to dept2.mine.com or dept3.mine.com. All of these sites reside on the same Sharepoint server(s). All of these sites are accessed through one virtual server and one pool of servers. Is there a way to have all the sites accessible after a single login? Logon Page -- AD Auth -- SSO Credential Mapping -- Allow
MS Access VBA connection to Sharepoint through MFA/APM
I have an Access (2010, 2013, 2016) application sent to users throughout the world. This application downloads data from a Sharepoint-based ticketing system for use offline. The Sharepoint system we use recently implemented a requirement for multi-factor authentication in order to connect using F5 Big-Ip APM. However, the MS Access prompt for credentials doesn't include the MFA argument. Users on the company VPN can connect just fine. In order to get on the VPN, one must enter their MFA credentials, so Sharepoint uses that. However, if users aren't on the VPN (some contractors do not have access), they aren't prompted for the MFA token and cannnot connect. However, if they go directly to the Sharepoint URL, they can login via MFA just fine - but the access application doesn't recognize that MFA connection/credientials even if the Sharepoint site is open. How can we pass MFA credentials from Microsoft Access to Sharepoint? Is there an add-in we can use to help bridge the two applications?
Shapreoint 2013 with APM and Office integration
Hi F5 Gurus, I try to configure APM for Sharepoint with Office integration. I have a web site app1.mycompany.com which host Sharepoint 2013 website. We are using Sharepoint apps to store files on another server file1.company.com. When not using APM, all is working. When use APM, after authentication user click on Doc or PDF files to open it. As the files is stored on file1.company.com. Normally the SSO through the persistent cookies should authenticate the existing session. I try the script from Stanilas Piron but without success : APM with Sharepoint and office integration. Rgds SilvereWhat is Sharepoint behavior on LTM failover?
Our typical deployments are Exchange, Skype & Sharepoint. I know that on LTM (active/standby) failover events the user impact is relatively low for Exchange & Skype. However I don't know what the impact is for Sharepoint. Can anyone point to an article or share their experiences? Oh SP 2013 Thanks Justin
Office Mobile Applications through APM to Sharepoint 2013
Hello Everyone, I have been attempting to get office mobile applications on iOS to work through APM using an iRule. I started out using this iRule: https://devcentral.f5.com/codeshare/apm-sharepoint-authentication While I was working through this, I noticed that office mobile clients are sending an HTTP preauthorization so the iRule was attempting to grab the username and password from that pre auth, setting them to blank, and then causing the access policy to fail. I have made a couple of tweaks to the iRule. I am sure many of you can do it much better than what I came up with. At this point, I can successfully establish an APM session, map my username and password properly to grab a kerberos SSO token, but then the app tells me it cannot connect and I am unsure why. I am wondering if anyone may have some thoughts or ideas to try.