Forum Discussion

Yi_113825's avatar
Yi_113825
Icon for Nimbostratus rankNimbostratus
May 03, 2014

Webtop Deeplink

is there a way to access a webtop link that are published on f5 portal via deedplink? we have webtop links published on f5 portal, f5 does the urlrewriting for the internal applications. Is there a way to access the f5 rewritten links directly , then user gets prompted to sign in to F5 portal, F5 then redirects the user back to the original link and takes user to the application directly.

 

right now, if i try to go to the rewritten link directly, i get a f5 logon page /my.policy, after sign in, I get the f5 portal desktop, i'm not able to go to the specific application link.

 

2 Replies

  • kunjan's avatar
    kunjan
    Icon for Nimbostratus rankNimbostratus

    Not sure any creative way to do it, but just curious to know why you need it.

     

  • A variation on a previous post:

    https://devcentral.f5.com/questions/apm-open-a-second-startup-browser-after-the-webtop-portal-launch

    Solution: layered virtuals - external LTM HTTPS VIP with SSL offload, STREAM profile, and iRule. Internal APM HTTP VIP with portal configuration and webtop.

    iRule:

    when HTTP_REQUEST {
        STREAM::disable
        if { ( [HTTP::uri] starts_with "/f5-w-" ) and not ( [ACCESS::policy result] eq "allow" ) } {
            HTTP::respond 302 Location "https://[HTTP::host]" "Set-Cookie" "f5deeplink=[URI::encode [HTTP::uri]]; path=/"   
        } elseif { ( [HTTP::uri] starts_with "/vdesk/webtop.eui?webtop=" ) and ( [HTTP::cookie exists f5deeplink] ) } {
            set catch [HTTP::cookie value f5deeplink]
        }
        virtual simple-vs
    }
    when HTTP_RESPONSE {
        if { [info exists catch] } {
            STREAM::expression "@@ @"
            unset catch
            STREAM::enable
            HTTP::header insert "Set-Cookie" "f5deeplink=deleted; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT"
        }
    }
    

    How it works:

    1. If the user attempts to go to a deep link first, a link inside the portal that starts with "/f5-w-", we'll set a cookie containing the requested URI and then redirect to the main page for login.

    2. Else if the request is for the webtop (after successful authentication) and the f5deeplink cookie exists, set a catch flag.

    3. Use the virtual command to send the traffic to the internal APM VIP.

    4. In the HTTP_RESPONSE event, if the catch variable exists, use the STREAM profile to inject a small piece of JavaScript at the end of the portal webtop page. This JavaScript will invoke the "F5_Inkvoke_open" function with the specified URI. This function is normally used within the webtop to open internal resources.

    5. Send a Set-Cookie header to delete the f5deeplink cookie so that the requested tab only opens once.

    The above will force the user to authenticate through the main portal logon, and then open a second tab to the requested resource. Also, because you're using JavaScript to open a new tab without user intervention, most browsers will see this as a popup and either block it or warn you. You'll need to add this site to a trusted hosts list to prevent the warning.