Forum Discussion

Nickw_66952
Sep 24, 2013

iRule for Seamless URI Redirection

Hello all,

 

I am hoping someone can assist in either helping write an iRule or point me to one that has already been written for the below requirement.

 

The use case is -

 

A client is using APM to provide internal and external access to Google Mail using SAML SSO and alongside this provide external access to a Web Portal resource also via APM. We have configured the internal access to authenticate users with Kerberos (to avoid them having to log in with AD creds) and then pass on to Full Resource Assign (SAML SSO for Google Mail). The external access clients are required to log in via Logon Page/AD Auth and then SAML SSO for Google Mail kicks in.

 

Requirement -

 

The client wants to use a URI Landing page function to identify certain URIs at the end of their domain (i.e. remote.companydomain.com/mail) and then redirect that to a certain resource to make the user experience as seamless and automated as possible. They have hinted that they would prefer the users not have to click on any resource icons on the webtop and this is where the URI automation comes in.

 

There is no requirement for the iRule to handle any AAA as this is already working within the VPM using Macros etc.

 

I have been told by F5 that this is possible with an iRule or two but do not have any skills with iRules. There is an iRule currently configured that is only providing the seamless automation for the SAML SSO for Google Apps but would like to expand on this to include the URI identification and redirection to the relevant resource.

 

The current iRule is:

    when ACCESS_POLICY_COMPLETED {
        # Redirect to the Portal Object
        ACCESS::respond 302 Location "/saml/idp/res?id=/Common/gapps_sso"
    }

 

This iRule will be somewhat irrelevant with the new iRule as the above is basically a catch all when the access policy completes with an "Allow" and is only specific for the GAPPS SAML SSO.

 

So the flow should be something like this:

 

  • domain.com/mail -> AAA -> GMail SAML SSO
  • domain.com/uri_1 -> AAA -> Internal Portal Resource 1
  • domain.com/uri_2 -> AAA -> Internal Portal Resource 2
  • domain.com/uri_3 -> AAA -> Internal Portal Resource 3

If anyone can assist, I would be most grateful.

 

Thanks in advance.

 

Nick

 

2 Replies

  • Shouldn't be too hard but can you confirm that the iRule only needs to consider the last part of the flow please (after the last AAA action/event)? In other words, can the iRule event be 'when HTTP_RESPONSE'?

     

  • try looking here...

     

    https://devcentral.f5.com/wiki/irules.http__uri.ashx

     

    gives you an example of URI-based load balancing. If you're using an APM policy with no resource assign set and an ending of allow, then the traffic falls back to the VS resources such as default pool and iRules.

     

    I may be wrong but it's a start ;)
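
One way to express the flow from the question as a single iRule, added here as an example and not code posted by anyone in the thread: it maps the URI the user first requested to a fixed redirect target once the access policy completes. It assumes the APM session variable session.server.landinguri holds that first-requested URI; the three portal targets are placeholders, since the thread does not give the real resource paths.

```tcl
when ACCESS_POLICY_COMPLETED {
    # Redirect only sessions that the access policy ended with Allow.
    if { [ACCESS::policy result] ne "allow" } {
        return
    }

    # Assumption: APM stored the URI the client originally requested
    # in session.server.landinguri when the session was created.
    set landing [ACCESS::session data get "session.server.landinguri"]

    # Drop any query string and normalise case before matching.
    set path [string tolower [lindex [split $landing "?"] 0]]

    # Fixed allowlist of landing path -> resource. The Location value is
    # always one of these constants and is never built from the request,
    # so the redirect cannot be steered to an arbitrary destination.
    switch -glob -- $path {
        "/mail" -
        "/mail/*" {
            # Target taken from the iRule in the original post.
            set target "/saml/idp/res?id=/Common/gapps_sso"
        }
        "/uri_1" -
        "/uri_1/*" {
            # Placeholder: replace with the path of Internal Portal Resource 1.
            set target "/REPLACE_WITH_PORTAL_RESOURCE_1"
        }
        "/uri_2" -
        "/uri_2/*" {
            # Placeholder: replace with the path of Internal Portal Resource 2.
            set target "/REPLACE_WITH_PORTAL_RESOURCE_2"
        }
        "/uri_3" -
        "/uri_3/*" {
            # Placeholder: replace with the path of Internal Portal Resource 3.
            set target "/REPLACE_WITH_PORTAL_RESOURCE_3"
        }
        default {
            # Unknown landing URI: send no redirect and let APM apply
            # its normal behaviour (for example, showing the webtop).
            return
        }
    }

    ACCESS::respond 302 Location $target
}
```

Matching "/mail" and "/mail/*" separately, rather than a single "/mail*" pattern, keeps a path such as /mailbox from being treated as the mail landing URI.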