Not Returning back to the current loadbalancer url from external service

Question

Hi All,
For achieving the below use case i have written the following service.From the current url calling the ezternal Cookiegenerator.html service and SMCookie got generated. 
But it is not returning to the current loadbalancer url. After pressing enter button only it is returning to current url(finalusers.html)
Please advise on this i tried with HTTP::retry in HTTP_RESPONSE.
UseCase:
1) Enter LoadBalancer url http://xmppwst.airservices.eds.com/OAuthDemo/finalusers.html i.e( Actually it is mapped to http://usclspcit192.airservices.eds.com/OAuthDemo/finalusers.html”)
2) Enter userid/password (testuser1/p@ssw0rd)
3) Grab userid/Password(i.e Authorization Header) OR SMCOOKIE
4) Call http://xmppt.airservices.eds.com:8080/TestBasicAuth/cookiegenerator.html with Authorization Header OR SMCOOKIE (Note user shouldn’t it is redirected to 208 box always we need to show loadbalancer url (http://usclssoat208.airsoatest.airservices.eds.com/TestBasicAuth/cookiegenerator.html)
5) Siteminder Authentication returns the Siteminder Cookie
6) AT f5 Grab the SMCookie from 208 box
7) http://xmppwst.airservices.eds.com/OAuthDemo/finalusers.html with SMCookie
when CLIENT_ACCEPTED {
   set cookie 1
   set gotpath 0
   set smsession ""
   set def_pool [LB::server pool]
   set sm 0 
}
when HTTP_REQUEST {
   if { $gotpath == 0 &amp;&amp; $sm == 0 } {
         pool Rachel_test_8080
         HTTP::uri /OAuthDemo/cookiegenerator.html
         if { [HTTP::header exists "Authorization"] } {
          set authzheaders "Authorization: [HTTP::header value Authorization]"
         }

set request_headers [HTTP::request]  
          set gotpath 1

} elseif { $sm == 1 } {
          pool $def_pool
  }
}

when HTTP_RESPONSE {
 log local0. "http_response: cookie:test22=$cookie; status:test22=[HTTP::status]; sm=[HTTP::cookie exists "SMSESSION"]"

if { [HTTP::cookie exists "SMSESSION"] } {
    set smsession "SMSESSION=[HTTP::cookie value SMSESSION]"
    set sm 1
  }

if { [HTTP::status] == 404} {
    HTTP::retry $smsession
 }

}
Regards,
Praque

juerg_wiesmann · Answer

Hi
Pretty confusing this.
Who would set the cookie ?
Is this all on the same virtual server? 
Returning to the old Path is normally done using a HTTP redirect. 
Or http response 301
You reset your vars when client connects which is for every request.
Not sure I get the complete picture. 
Regards
Wiesmann&nbsp;

juerg_wiesmann · Answer

when CLIENT_ACCEPTED { 
    set cookie 1 set gotpath 0 
    set smsession "" 
    set def_pool [LB::server pool] 
    set sm 0  
    } 
when HTTP_REQUEST { 
    if { $gotpath == 0 &amp;amp;&amp;amp; $sm == 0 } {
        pool Rachel_test_8080 
        [HTTP::uri] /OAuthDemo/cookiegenerator.html
        set request_headers [HTTP::request]
      if { [HTTP::header exists "Authorization"] } {
          set authzheaders "Authorization: [HTTP::header value Authorization]" 
          }
          set gotpath 1 
          } elseif { 
                $sm == 1 } {
                pool $def_pool  
                } 
        } 
when HTTP_RESPONSE { 
log local0. "http_response: cookie:test22=$cookie; status:test22=[HTTP::status]; sm=[HTTP::cookie exists "SMSESSION"]"
    if { [HTTP::cookie exists "SMSESSION"] } { 
        set smsession "SMSESSION=[HTTP::cookie value SMSESSION]"
        set sm 1 
        } 
    if { [HTTP::status] == 404} { 
        HTTP::retry $smsession 
        }

I tried to format the irule a bit better, but it still dosn't make sense to me.

juerg_wiesmann · Answer

Looking at: "set authzheaders"
Why do you set a Variable you never reuse again ?
What is the purpose of this.&nbsp;
First request... will select the Pool Rachel_test_8080 (will that Pool accept the Request planned for the other server ?&nbsp;
when HTTP_REQUEST { 
    if { $gotpath == 0 &amp;&amp; $sm == 0 } { 
    pool Rachel_test_8080 &nbsp;
I would think a connection flow diagram would help to understand what you plan to do.&nbsp;

praque_135655 · Answer

Thanks Juerg. Please find the details required. i have removed the authorisation header.&nbsp;
Steps: 1) User Hitting LoadBalancer URL in Browser ("http://xmppwst.airservices.eds.com/OAuthDemo/finalusers.html") This is default POOL(Rachel_Test).&nbsp;
2) Siteminder challenges the user, Enter userid/password.&nbsp;
3) Grap userid/password using irule and post to another loadbalancer url(http://xmppt.airservices.eds.com/OAuthDemo/cookiegenerator.html) Cookie generator authenticate the user and return the SiteminderCookie(SMCookie). Note this loadbalancer url is mapped to(Rachel_Test_8080).&nbsp;
4) After grapping the SMCookie and landing page shown to user(http://xmppwst.airservices.eds.com/OAuthDemo/finalusers.html). (ie default pool url(Rachel_Test))&nbsp;
when CLIENT_ACCEPTED { set cookie 1 set gotpath 0 set smsession "" set def_pool [LB::server pool] set sm 0
&nbsp;} when HTTP_REQUEST { if { $gotpath == 0 &amp;&amp; $sm == 0 } { pool Rachel_test_8080 [HTTP::uri] /OAuthDemo/cookiegenerator.html set request_headers [HTTP::request] set gotpath 1 } elseif { $sm == 1 } { pool $def_pool
&nbsp;} } when HTTP_RESPONSE { log local0. "http_response: cookie:test22=$cookie; status:test22=[HTTP::status]; sm=[HTTP::cookie exists "SMSESSION"]" if { [HTTP::cookie exists "SMSESSION"] } { set smsession "SMSESSION=[HTTP::cookie value SMSESSION]" set sm 1 } if { [HTTP::status] == 404} { HTTP::retry $smsession } &nbsp;

juerg_wiesmann · Answer

when CLIENT_ACCEPTED { 
    set cookie 1 set gotpath 0 
    set smsession "" 
    set def_pool [LB::server pool] set sm 0 
} 
when HTTP_REQUEST { 
    if { $gotpath == 0 &amp;&amp; $sm == 0 } { 
        pool Rachel_test_8080 
        [HTTP::uri] /OAuthDemo/cookiegenerator.html 
        set request_headers [HTTP::request] 
        set gotpath 1 
     } elseif { 
            $sm == 1 } { 
            pool $def_pool
    } 
    } 
when HTTP_RESPONSE { 
    log local0. "http_response: cookie:test22=$cookie status:test22=[HTTP::status]; sm=[HTTP::cookie exists "SMSESSION"]" 
    if { [HTTP::cookie exists "SMSESSION"] } { 
        set smsession "SMSESSION=[HTTP::cookie value SMSESSION]" 
        set sm 1 
        } 
        if { [HTTP::status] == 404} { 
        HTTP::retry $smsession 
        }

So I understand: Rachel_Test is the Siteminder Pool... Correct ?
"You should look for a girl named Sideminder I think ;-)"
Is, "xmppwst.airservices.eds.com" and "xmppt.airservices.eds.com" resolving on the same virtual ?
Should the Browser go to xmppt.airservices.eds.com or should the connection flow go 
User BIG-IP1 (VS xmppt.airservices.eds.com) pool Rachel_Test_8080 which is BIG-IP2 (VS xmppt.airservices.eds.com) ?
Normally we build szenarios with Authentication Virutuals using Redirects. In a Redirect you may pack in, Username&amp;Password&amp;originalURI, and on the second BIG-IP you would store this, detect successful login and initiate a Redirect back to BIG-IP 1 (originalURI) including the Cookie aso. Attention, cookie will not be submitted to another Domain, so Authentication should be made doing a redirect to same host but different URI "/OAuthDemo/cookiegenerator.html" and if the URI in a request is /OAuthDemo/cookiegenerator.html you will select the other pool with the authentication Server.
when HTTP_REQUEST {                
    if { [HTTP::uri] ends_with "/OAuthDemo/cookiegenerator.html"} { 
         pool Rachel_test_8080 } 
         else { 
               pool $def_pool
                }

Forum Discussion

Not Returning back to the current loadbalancer url from external service

6 Replies

Recent Discussions

Failed to convert character dclid=%EDclid!

ASM - Parent policy vs OWASPcompliance

Rewrite uri translation not working

CONNECTION IS LOST DUE TO SELF IP IS DELIVERED

APM OCSP Responder Issues

Related Content

The return of DevCentral CodeShare.

CSV to Address External Datagroup File

External Monitor Information and Templates

TACACS+ External Monitor (Python)

snmp-check external monitor