Sergi_Munyoz_24
Mar 28, 2017Nimbostratus
Webtop asks again for authenticacion
Hi. I have done two setups recently with APM:
- One is a reverse proxy with APM protecting destination web servers with authentication, where servers can be accesed directly with its own url or through a webtop, but all on must be on the same VIP (every url points to this VS)
- The other setup, in another customer, is a SAML IdP service supporting SP/IdP initiated connections with a webtop publishing resources
In both cases I've found the same problem.
- If the webtop is requested on the first browser tab, user authenticates, and following requests to urls on other browser tabs work as expected, with session cookie acting, no re-authentication required
- If user requests a url (or a saml sp-initiated connection that redirects to idp in second sample case) APM authenticates the user. Then, if the user requests webtop in second tab, APM asks for authentication again. If we look on browser, a new session cookie is presented different from the existing one
I think I read somewhere this was by webtop design due to security concerns or something like that. Anyone knows about it ?
Taking an idea from other post, what I've done is the following iRule, that works, but I'm not sure is the best option, that's the reason why of this post:
when HTTP_REQUEST {
if { [HTTP::cookie exists "LastMRH_Session"] } {
log local0. "URI: [HTTP::uri]"
if { [HTTP::uri] equals "/" } {
ACCESS::disable
HTTP::redirect "[https://host.domain.com/vdesk/webtop.eui?webtop=/Common/domain&webtop_type=webtop_full"]
}
if { [HTTP::uri] equals "" } {
log local0. "Access DISABLE"
HTTP::redirect "[https://host.domain.com/vdesk/webtop.eui?webtop=/Common/domain&webtop_type=webtop_full"]
}
}
}