Hi Thomas,
Thanks you for your answer.
I understand what you mean. However, i don't think this will help. The URI's that are listed in the "login deny" messages all start with /Citrix. So the URI /customer1 only hits the first time. After that the user gets redirected to the /Citrix URI.
I think that the order of events is the following:
- User browses to /customer1 URI.
- iRule redirects user to /Citrix/Remote-Customer1/auth/login.aspx
- APM policy is being accessed and processed
- user is athenticated with SSO in the Citrix Webinterface
- user exists APM policy
- user is redirected by the Citrix Webinterface server to another URI
- APM policy goes into work for some URI's, not all (but only sometimes, not allways)
Mayby this helps narrowing it down.