F5 APM Webtop - RDP Session Logging
Hello F5 Experts, I am relatively new to the F5 advanced ecosystem, am trying to generate useful logs from our APM Webtop environment and am hoping that someone can point me in the correct direction. I am trying to log the following things from our environment: Initial login's to the Webtop including ClientIP, Webtop portal address, Browser UserAgent, Client Username. (Optional) Client group membership/published resources when they log into Webtop. When a client opens a Web Portal Access from within Webtop including,ClientIP, Webtop portal address, Browser UserAgent, Client Username, Web Portal Access Address. (It would be good to get their session duration for this but that might not be fesable). When a client opens a RDP link from within the Webtopincluding,ClientIP, Webtop portal address, Browser UserAgent, Client Username, RDP Address, SessionCookie(?). When a client connects to a RDP session though the Webtop using one of the downloaded links,ClientIP, Webtop portal address, Client Username, RDP Address, SessionCookie(?), Session start and end time (Maybe two different log events?). From what I can tell this is likely to be an iRule. I think I have an idea how to do the Webtop portal logging, but what is really eluding me is how to log the RDP session connection and duration. Any help or a direction where to look would be greatly appreciated. Thank you,427Views0likes1CommentAdded Internal site on F5 Webtop, now it mixes user accounts
Hi, I have internal booking website "x", which works properly when I access it directly. I have added it in F5 webtop portal for remote users. When remote user accesses the website and logs in with he's user, the portal or website (idk which) mixes user accounts, that is when user Y logs in from webtop, it may actually login a user Z using user T's credentials. I'm not sure if our website X has problem itself or it is webtops fault. Plesae suggest me something if you know this problem. Thanks, Diamond.769Views0likes7CommentsAPM Session deleted when following link Webtop Link to Application URI
Hi all, I have three virtuals: web1.mydomain.com web2.mydomain.com webtop.mydomain.com and each virtual has a separate APM Profile (Type: All, Scope: Global, Domain Cookie: mydomain.com, Login Page + AD Auth). The webtop has two Webtop Links (Type: Application URI) for web1 and web2 When I login to web1, I can switch to web2, no further auth is required. No matter if I open web2 in the same tab or in a different tab. This also works the other way round, authenticating first to web2 and then opening web1. But when I login to web1 and next I open webtop.mydomain.com, my session is deleted and I have to authenticate again to both (web1 and webtop). Also when I login to webtop and I click on the links to web1 or web2 the same happens. My access session for webtop is deleted and I have to login to webtop and web1/web2. I traced it so far, that the browser is sending the correct cookie to https://web1.mydomain.com/. But when it redirects to /my.policy the session is deleted. Is this the expected behaviour when mixing webtop and webtop links scenarios? Or am I hitting a bug? BIG-IP Version is 15.1.2.1 Thanks in advance & KR Daniel897Views0likes8CommentsWebtop and icons
Hello, Sorry for a probably obvious question, but I can't seem to find a solution. I'm trying to customize icons for various links in webtop (running BIG-IP 13.1.3.6 Build 0.0.4 Point Release 6). Everything works fine if the browser language is set to en-us or en, however for any other languages (such as fr or de) all icons change back to the default one (gray circle). Could it be due to a relatively old version of our F5 or there is a way to fix it? Thank you.webtopSolved1.2KViews0likes2CommentsHide applications from APM Citrix Webtop?
In Citrix Web Interface and Citrix Storefront it is possible to hide applications from appearing during app ennumeration with some modifications to their configuration files, even when a user has access to those apps. I have a APM Citrix webtop (it is replacing webinterface/storefront) I would like to do the same with. Is there some place I can configure or code I can modify to mask specific apps from appearing on the webtop? I know it seems like a strange request- but I need to filter a specific app from appearing only through one gateway while allowing it to appear for the same users in another gateway. Long story...hoping there is a way to do this with the webtop. Thanks!631Views0likes1CommentChange Webtop Remote Desktop Icon
I have an access policy for VMware VDI and I can't seem to change the icons for my webtop/remote desktop links. The default icon is "terminal_service.png" located in /var/sam/www/webtop/public/images/full_wt I have changed this to an icon with the same dimensions (32px) in Access Policy>Customization>Basic>Remote Desktop and General>Branding>Remote Desktops but still the old icon is dispayed. Any ideas?682Views0likes7CommentsLoad webtop from F5 Access edge client
I have an access profile set up for iOS devices to create a VPN connection via the F5 Access edge client. The network portion is working great. What I am struggling with is trying to present a set of bookmarks via webtop to frequently accessed resources people are accustomed to seeing (migrating from Pulse Secure). I have not found a way to display those bookmarks in the F5 Access client like Pulse Secure does. The closest I have come is a redirect either in the client (portal webtop) or Safari (via network access app launcher) to our portal page. Problem is, that requires them to login again since it is another session. I'm extremely new to all of this, so I'll keep poking around, just wanted to see if there were any suggestions from the community. Thanks!419Views0likes1CommentSP Initiated SAML Authentication stops at Webtop page
I'm trying to set up a new SAML connection with an external 3rd Party. I have one similar SAML connection set up and functioning with a different 3rd Party, but I can't see the difference between the two. I visit the URL of the external website, the browser is redirected to the F5's ssoportal, but it stops at the Webtop page, rather than redirecting the browser back to the website. When I view the logs, I can see that the F5 initiates a session for the user on the /Common/SSO-Portal.vs Virtual Server, processes the SSOPortal.profileAccess Profile, assigns all the SAML Resources (including the one I'm trying to use), but seems to stop there. If I compare it to the logs from the workign SAML connection, I can see the next step is "Client initiated SSO config received in metadata." I'm very new to SAML, so not sure where to start troubleshooting.1.3KViews0likes9CommentsBIGIP IdP, SP, Webtop?
I have read documentation but I started to get confused with what I need. I am trying to build a webportal (webtop) on my edge to allow access to protected systems. The Webtop will present the BIGIP portal to authenticate and force MFA with DUO and create the assertions for the protected systems on the back side of BIGIP that are SAML based. What would be the configuratio required to accomplish this? Do I need to make BIGIP act as IdP, or SP or both? or Federate BIGIP portal? Is there any documentation?324Views0likes1Comment