APM: Strip off path from Landing URI
Hi,
Currently I'm working on an APM-Policy and I'm facing an issue with a temporary URI.
Scenario: I want to implement different Sign-On-Methods and an error-fallback for a failed login.
So the idea is to have a landing-URI, with branches for /ad , /google and a fallback to an error-login-page with /error.
If I connect to test.com/ad - the Logon-Page for AD-Authentication should appear (username/pw). If I connect to test.com/google - Logon-Page for 2-Factor should appear (username/pw/googleauthcode). If I enter the wrong code, I should be redirected to test.com/error and get another 2F-logon page with a customized text (wrong code) and again the 3 fields for authentication.
Now, if I use the default "Allow"-Ending in the policy editor, the URL that is forwarded to the webserver is test.com/ad, which causes a 404 error. So the best thing would be to strip off the path after the landing page. I tried to achieve this with an iRule-event, but it doesn't work as expected.
Here's my Policy and the iRule :
when ACCESS_POLICY_AGENT_EVENT {
if { [ACCESS::policy agent_id] eq "strip_off_path" } {
if { [string tolower [HTTP::uri]] starts_with "/ad" } {
HTTP::uri "/"
} elseif { [string tolower [HTTP::uri]] starts_with "/error" } {
HTTP::uri "/"
} else {
}
}
}
Any ideas? Is it possible to strip off the HTTP::uri with an alternative ending in the policy itself (without iRule)? If I use a redirect-ending to "https://%{session.server.network.name}" I get back to the 2F-Logon-Page again (Landing URI fallback)
Thanks & BR