Forum Discussion

Rosieodonell_16's avatar
Rosieodonell_16
Icon for Cirrus rankCirrus
Mar 13, 2015

Client Initiated SSO Help

I have the following website that i am trying to log into with form-user initiated sso configutration. I have never done this before and i was wondering if anyone can take a look at what i have. here is the site:

HTTP/1.1 200 OK Connection: Keep-Alive Content-Length: 1226 Date: Fri, 13 Mar 2015 22:24:13 GMT Content-Type: text/html; charset=ISO-8859-1 Server: company Web Server Accept-Ranges: none Cache-Control: no-store, no-cache, private, max-age=0, s-maxage=0, must-revalidate, no-transform Pragma: no-cache X-Frame-Options: DENY




    
        Username: 
        
    
    
        Password:

I have the following for parameters:

Form detections = /system/signonforms/emrRoundsLogin.htm?hcis=TROLL.LIVEF&device=Tablet&platform=Focus

password = %{session.sso.token.last.password} and make it secure (yes) userid = %{session.sso.token.last.username} and not secure

So basically i sign into my access policy and this is the sso configured and nothing happens. it just stops on hte page. is there a way to see or test the sso to find what is erroring out?

APM
application delivery
deployment
devops
iApps
LTM
security

8 Replies

Sort By
  • kunjan_118660's avatar
    kunjan_118660
    Icon for Cumulonimbus rankCumulonimbus
    Mar 13, 2015

    You can enable debug in the SSO general settings and verify /var/log/apm to check first if the form identification is working.

     

    • Rosieodonell_16's avatar
      Rosieodonell_16
      Icon for Cirrus rankCirrus
      Mar 16, 2015
      so i am getting a -bash error saying i don't have permission. i tried adding tmsh /var/log/apm but i am getting the following error: Syntax error: unexpected argument "/var/log/apm/"
  • kunjan's avatar
    kunjan
    Icon for Nimbostratus rankNimbostratus
    Mar 13, 2015

    You can enable debug in the SSO general settings and verify /var/log/apm to check first if the form identification is working.

     

    • Rosieodonell_16's avatar
      Rosieodonell_16
      Icon for Cirrus rankCirrus
      Mar 16, 2015
      so i am getting a -bash error saying i don't have permission. i tried adding tmsh /var/log/apm but i am getting the following error: Syntax error: unexpected argument "/var/log/apm/"
  • kunjan's avatar
    kunjan
    Icon for Nimbostratus rankNimbostratus
    Mar 16, 2015

    Sorry, what I meant is to check the debug logs in /var/log/apm file.

     

    • Rosieodonell_16's avatar
      Rosieodonell_16
      Icon for Cirrus rankCirrus
      Mar 16, 2015
      So i have been working on this and I think i have gotten farther. If the user types in: https://appliance.domain.com/Emr-EmrMobileWeb.HomePage.WR.mthr?hcis=TROLL.LIVEF&device=Tablet&platform=Focus i have a rewrite-uri profile that takes / and rewrites it to http://server.domain.com and the SSO works. but i need all traffic that hits the device to always come in with the URL: https://appliance.domain.com/Emr-EmrMobileWeb.HomePage.WR.mthr?hcis=TROLL.LIVEF&device=Tablet&platform=Focus Its weird because i tried adding a basic redirect that sends all traffic to that URL but it seems to break everything. Can you have redirects and rewrites on the same Virtual server or is there an iRule that can do this better for me?
    • Rosieodonell_16's avatar
      Rosieodonell_16
      Icon for Cirrus rankCirrus
      Mar 16, 2015
      So i have been working on this and I think i have gotten farther. If the user types in: https://appliance.domain.com/Emr-EmrMobileWeb.HomePage.WR.mthr?hcis=TROLL.LIVEF&device=Tablet&platform=Focus i have a rewrite-uri profile that takes / and rewrites it to http://server.domain.com and the SSO works. but i need all traffic that hits the device to always come in with the URL: https://appliance.domain.com/Emr-EmrMobileWeb.HomePage.WR.mthr?hcis=TROLL.LIVEF&device=Tablet&platform=Focus Its weird because i tried adding a basic redirect that sends all traffic to that URL but it seems to break everything. Can you have redirects and rewrites on the same Virtual server or is there an iRule that can do this better for me?