Forum Discussion
Keith_Fox_15580
Jan 16, 2015Nimbostratus
This is the log that I got to the log local, I changed the server names, but it should give you a general idea... really frustrated with this site, and trying to get it to work. Thanks for all the help!
Jan 16 15:20:40 bigip info tmm[15713]: Rule /Common/Log_rule : Request URL: publicname.domain.com Jan 16 15:20:40 bigip info tmm[15713]: Rule /Common/Log_rule : Response: Status=302 | Location=http://SERVER2.domain.com:80/sso/SSOServlet?_action=LOGINASSERT&_ssoOrigUrl=http%3A%2F%2SERVER1.domain.com%3A9080%2Fefs&_TKM=TODO-UI&_serviceName=LBIDSP&_ssoTenant=DEFAULT&_ssoAuthUrl=http%3A%2F%2SERVER1.domain.com%3A9080%2Fsso%2FSSOServlet&_ssovaltoken=yGoOGEPj3EBZvpFzWYSVSWj0EIQ%3D
- Michael_JenkinsJan 16, 2015CirrostratusOk. And you said that server1.domain.com and server2.domain.com aren't internet acessible, but your users are accessing this through internet, so they need publicname.domain.com? In this case, there's a couple things you might do. You could follow the ideas in this article (https://devcentral.f5.com/s/articles/rewriting-redirects) for the iRule redirect rewriting and replace server2.domain.com and server1.domain.com with publicname.domain.com and then change the iRule to check for starting with "/sso" and route to the auth pool. Then you still have only one path. The other way would be to have a second dns name like auth.domain.com and do basically the same thing as the other, but in the request, check for auth.domain.com host instead of the uri to decide which pool to send it to. Hope this makes sense.
- What_Lies_Bene1Jan 19, 2015CirrostratusJust FYI, I'm pretty sure a stream profile won't rewrite a HTTP header, only the body.