APM AP VPE to value/variable to check and trigger a redirect to logon in case of failed SSO Forms & Auth Failure

Question

Hi,&nbsp;
I am looking for help regarding building a VPE AP workflow that checks a variable/value that would redirect to the Logon page in case User Login Failure? and Assign a WebTop Portal Access resource if User/Pass passes sign-in.&nbsp;
See attached screenshots. The SSO Credentials Mapping is functioning. My various attempts to get the redirect to work are:&nbsp;
session.sso.token.last.username.sso.state&nbsp;
or&nbsp;
use URI path contains: 
"/?returnurl=/" (for Successful Logon Detection Match Value) and "/login/?returnurl=%2f" (for failure)&nbsp;
Also tried using individual iRule(s), the "iRule Event" with "Empty Action" branch rule expression check to assign a trigger value &amp; assign it a session variable ... to no avail.&nbsp;
Please advise on the best way to make this work &amp; what other information I need to provide? Thank in advance!&nbsp;
&nbsp;
&nbsp;
&nbsp;
&nbsp;
&nbsp;

seth_cooper · Answer

Can you setup a AAA object to auth the user before provisioning the Portal webtop?  The request to the backend will not happen until you have hit the "allow" ending on the policy and at that point the evaluation is over.&nbsp;
Your best bet is to authenticate the user and then make your provisioning decisions.&nbsp;
Seth&nbsp;

popica · Answer

Hi Seth,&nbsp;
Thanks for your quick response.&nbsp;
Unfortunately the custom back-end web app does not authenticate user upfront with AD &amp; the application owner is not willing to change this right now.&nbsp;
I guess that leaves us with no solutions right now?&nbsp;
Appreciate your help.
Best - Constantin&nbsp;

popica · Answer

the auth is handled by a DB on the service. No integration to AD at all. different password for AD and the app&nbsp;

seth_cooper · Answer

Constantin,&nbsp;
Could you by chance use the HTTP AAA object?  use the VPE to send a request to the back-end app to auth the user and then send to the portal?&nbsp;
Seth&nbsp;

popica · Answer

I will try your recommendation &amp; keep you posted.
Thanks again!&nbsp;

Forum Discussion

APM AP VPE to value/variable to check and trigger a redirect to logon in case of failed SSO Forms & Auth Failure

7 Replies

Recent Discussions

iRule resulting in too many redirects

When F5OS r2800 appliance reboots, interfaces configured at tenant level for VLAN are lost

cat and grep command for rst messages

iControl for Gtm wideip

Telemetry streaming to Elasticsearch

Related Content

Leveraging Ansible Rulebooks for Streamlined Event Triggers: Advantages and Benefits

Assign cookie value to APM custom variable

Anchor Link Redirect

Formating issue: default value for undefined variable

Irule Trigger two times