Forum Discussion

f5rocks_86658
Mar 09, 2016

Different APM login page based on b64 encoded URL parameters

We are using an on-premise ADFS IdP for all cloud application SAML auth. It's protected with 2-factor auth using F5 APM. Now a requirement has come to step down authentication for a few cloud applications using the same IdP ADFS URL. For that we need to give a different login page for those less secure applications. A less secure app can be identified by HTTP parameters in the b64 encoded URL. How can we provide a different login page in this case? The landing URI option can't be used since the parameters are in the b64 encoded URL. Please help.

 

2 Replies

  • Hello Spalan,

    1. Use an iRule event (decodeURL) at the start of the Access Policy.
    2. In the iRule, set session.custom.decodedURL as the decoded URL, like:

       ACCESS::session data set session.custom.decodedURL [b64decode [ACCESS::session data get session.network.server.landing_uri]]

    3. After that iRule event in the Access Policy, create an empty box; in the branch, check the session.custom.decodedURL parameter, and create and assign a different logon page according to its value.

  • This is sample code:

     

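    when ACCESS_POLICY_AGENT_EVENT {
        # Runs when the Access Policy reaches the iRule Event agent with ID "decodeURL"
        switch [ACCESS::policy agent_id] {
            "decodeURL" {
                # Store the base64-decoded landing URI for later branch rules
                ACCESS::session data set session.custom.decodedURL [b64decode [ACCESS::session data get session.network.server.landing_uri]]
            }
        }
    }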

     

     

    If you have a memory leak problem, you must open a case with F5 Support.
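
Added example, not part of either reply and not F5's own code: because the encoded value arrives from the client and decides whether the weaker logon page is shown, this variant of the decodeURL event guards the decode and steps down only on an exact allow-list match, defaulting to the 2-factor page. The query parameter name `ctx`, the inner key `app`, the application names and `session.custom.logon_profile` are assumptions for illustration; the landing URI variable is the one used in the replies above.

```tcl
# Added example. Hypothetical names: query parameter "ctx", inner key "app",
# the application names, and session.custom.logon_profile.
when ACCESS_POLICY_AGENT_EVENT {
    if { [ACCESS::policy agent_id] ne "decodeURL" } { return }

    # Fail closed: the 2-factor logon page stays selected unless an
    # allow-listed application is positively identified below.
    set profile "strong"
    set decoded ""

    # Same session variable the replies above read.
    set landing [ACCESS::session data get session.network.server.landing_uri]

    # Pull only the encoded parameter out of the URI and percent-decode it
    # ("+" and "=" are often escaped in transit).
    set blob [URI::decode [URI::query $landing "ctx"]]

    # Bound the input and catch b64decode: it raises a Tcl error on
    # malformed input, which would otherwise abort the rule.
    if { $blob ne "" && [string length $blob] <= 2048 } {
        if { [catch { set decoded [b64decode $blob] } err] } {
            log local0.warning "decodeURL: invalid base64 in landing URI: $err"
            set decoded ""
        }
    }

    # Exact match against the allow-list. Substring or glob matching would let
    # any value that merely contains an allow-listed name select the weaker page.
    if { $decoded ne "" } {
        switch -exact -- [URI::query "/?$decoded" "app"] {
            "lowrisk-portal" -
            "lowrisk-wiki"   { set profile "stepdown" }
            default          { set profile "strong" }
        }
    }

    ACCESS::session data set session.custom.decodedURL $decoded
    ACCESS::session data set session.custom.logon_profile $profile
}
```

The branch after the iRule event can then test `session.custom.logon_profile` instead of parsing the decoded string again, so every unrecognised or undecodable request falls through to the 2-factor logon page.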