Odd APM logon deny messages
Hi,
Recently I build a portal for my customers so they can access their Citrix published desktop from a remote location. The BIG-IP is only proxy and does not provide the webinterface portal itself. It all works fine apart from some strange behaviour. Let me first explain what I did build.
We have one public url. Let's call it portal.website.foo. Each customer has it's own uri. So customer 1 browses to https://portal.website.foo/customer1. When they do that they hit an iRule which checks the URI and redirects them to the appropriate Citrix Webinterface portal. For customer1 this is https://portal.website.foo/Citrix/Remote-Customer1/auth/login.aspx. Then they access the APM policy which checks for this URI. Depending on the URI the right branche is choosen which handles the authentication en SSO.
So, as mentioned before, this works fine. But when I check the APM accesspolicy reports I see a lot "logon deny" messages, even thought the user is authenticated and has access to his CItrix desktop. The logon deny message mentions a false URI. This is logged via de fallback branche in the APM policy. The URI is diferent each time, but always something like session.server.landinguri is /Citrix/Remote-Customer1/media/ButtonHoverLeft.png. It looks like the user does visit the correct citrix wi interface portal, but that some items within that page are seen as different sessions. I don't have a clue where the fault might be. The default switch in the iRule is not hit. I added a "event disable" to see if it might help. It doesn't.
The iRule which is added to the virtual server is this:
when HTTP_REQUEST {
set reload_page {
No valid page. Please choose the correct one.
}
switch [string tolower [HTTP::uri]] {
"/customer1" {
event disable
HTTP::redirect "https://portal.website.foo/Citrix/Remote-Customer1/auth/login.aspx"
}
"/customer2" {
event disable
HTTP::redirect "https://portal.website.foo/Citrix/Remote-Customer2/auth/login.aspx"
}
"/customer3" {
event disable
HTTP::redirect "https://portal.website.foo/Citrix/Remote-Customer3/auth/login.aspx"
}
"/" {
log local0. "iRule : No URI choosen."
HTTP::respond 200 content $reload_page
}
Default {
log local0. "iRule : None of the above ;-)"
}
}
}
Any help is welcome. Thank you.