SP Initiated SAML Authentication stops at Webtop page
I'm trying to set up a new SAML connection with an external 3rd Party. I have one similar SAML connection set up and functioning with a different 3rd Party, but I can't see the difference between the two. I visit the URL of the external website, the browser is redirected to the F5's ssoportal, but it stops at the Webtop page, rather than redirecting the browser back to the website. When I view the logs, I can see that the F5 initiates a session for the user on the /Common/SSO-Portal.vs Virtual Server, processes the SSOPortal.profileAccess Profile, assigns all the SAML Resources (including the one I'm trying to use), but seems to stop there. If I compare it to the logs from the workign SAML connection, I can see the next step is "Client initiated SSO config received in metadata." I'm very new to SAML, so not sure where to start troubleshooting.
Hosted Content files upload with wrong mime types 13.1
I am running BIG-IP 13.1.0.3 Build 0.0.5 Point Release 3 VE. When I upload a .zip package or just standalone file to the hosted content, the wrong mime types are added by to the hosted content files. This seems to break my websites and webapps. I've tried patching this behavior myself but I have not been able to figure our exactly where the BIGIP is getting the mime type configuration from. The hosted content does not seem to get the mime type configuration found under /config/httpd/conf/httpd.conf or from /dev/mime.types. I'm not sure if possibly the configuration within /config/httpd/conf/magic might be having an effect on this behavior, however I don't think it does. From my earlier testing it seems that the BIGIP uses some nginx packages on its web rewriter and these packages seem to be fairly obfuscated within the F5 file system. I suspect the Hosted content's mime type attribute config file is also obfuscated some how which would explain why I couldn't find it poking around.. Or maybe I'm barking up the wrong tree here. Anyway.. I've tried to set AddType text/plain .css for my css files in httpd.conf with tmsh, to no avail. Command I tried: [ sudo tmsh modify sys httpd include 'AddType text/css .css' ]. This changed the httpd.conf file but the .css file still uploaded with the wrong mime type. So my question is, is it even possible to change the behavior on how the hosted content attributes files with mime types when uploaded? I would figure this is based on file extension. When I deliver my webapp package to my users will I need to instruct them to double check the mime type? I've come to the conclusion that the only way to do this is to change the mime types on-the-fly using an iRule. However I hate solving problems with an iRule like this that shouldn't exist in the first place. I've seen similar bug reports about bad mime types in the hosted content but these were for version 11.x... Any help here would be appreciated. Also there has to be a file somewhere that contains the mime type configuration that is seen when you click to edit the hosted content file properties and then change the mime type. This list must come from somewhere none-obvious. File types I am having issues with: .jar application/zip Zip Archive .gif application/octet-stream Binary Data .svg text/html html .js text/x-c C source file .css text/plainAPM Session deleted when following link Webtop Link to Application URI
Hi all, I have three virtuals: web1.mydomain.com web2.mydomain.com webtop.mydomain.com and each virtual has a separate APM Profile (Type: All, Scope: Global, Domain Cookie: mydomain.com, Login Page + AD Auth). The webtop has two Webtop Links (Type: Application URI) for web1 and web2 When I login to web1, I can switch to web2, no further auth is required. No matter if I open web2 in the same tab or in a different tab. This also works the other way round, authenticating first to web2 and then opening web1. But when I login to web1 and next I open webtop.mydomain.com, my session is deleted and I have to authenticate again to both (web1 and webtop). Also when I login to webtop and I click on the links to web1 or web2 the same happens. My access session for webtop is deleted and I have to login to webtop and web1/web2. I traced it so far, that the browser is sending the correct cookie to https://web1.mydomain.com/. But when it redirects to /my.policy the session is deleted. Is this the expected behaviour when mixing webtop and webtop links scenarios? Or am I hitting a bug? BIG-IP Version is 15.1.2.1 Thanks in advance & KR DanielAdded Internal site on F5 Webtop, now it mixes user accounts
Hi, I have internal booking website "x", which works properly when I access it directly. I have added it in F5 webtop portal for remote users. When remote user accesses the website and logs in with he's user, the portal or website (idk which) mixes user accounts, that is when user Y logs in from webtop, it may actually login a user Z using user T's credentials. I'm not sure if our website X has problem itself or it is webtops fault. Plesae suggest me something if you know this problem. Thanks, Diamond.
Change Webtop Remote Desktop Icon
I have an access policy for VMware VDI and I can't seem to change the icons for my webtop/remote desktop links. The default icon is "terminal_service.png" located in /var/sam/www/webtop/public/images/full_wt I have changed this to an icon with the same dimensions (32px) in Access Policy>Customization>Basic>Remote Desktop and General>Branding>Remote Desktops but still the old icon is dispayed. Any ideas?
Hide applications from APM Citrix Webtop?
In Citrix Web Interface and Citrix Storefront it is possible to hide applications from appearing during app ennumeration with some modifications to their configuration files, even when a user has access to those apps. I have a APM Citrix webtop (it is replacing webinterface/storefront) I would like to do the same with. Is there some place I can configure or code I can modify to mask specific apps from appearing on the webtop? I know it seems like a strange request- but I need to filter a specific app from appearing only through one gateway while allowing it to appear for the same users in another gateway. Long story...hoping there is a way to do this with the webtop. Thanks!
