ACE Scripted probe to allow for mutliple 302 for SSO?

Unanswered Question
Mar 3rd, 2010

Has anyone created an ACE

TCL script that does and https get on a production url where you login as a user? But there is one catch with our SSO configuraiton you get mutliple redirects example below



user->prod url->prod websever->redirects to Identity server->redirects you to login for SSO->login happens-> redirects you prod URL




Any one have any scripts to handle this and could give me an example?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Gilles Dufour Thu, 03/04/2010 - 00:48

You really do not want to do something as complicated with your probes.

A probe should be kepts as simple as possible.  You don't want to lose resources monitoring your servers and dropping traffic because of that.


So, since there are redirects, and you know already were you will be redirected, why don't you poll the correct url immediately ?


Gilles.

c.hamoeller Thu, 03/04/2010 - 05:24

The direct login to the URL is the same as it is in the first step in the process. This is do to how Access Manager treats and directs traffic, URL sits in AM and than redirects to it's IDP server for login and than redirects you back. Login directly to the IDP server is not allowed by Novell. The only other choice I have load balance and health check all backend servers to VIP's for AM. This is a worse setup and forces me to do 40 health checks and 10 VIP's. All to fake URL or health checks for .gif or .jpg that do not even correspond to produciton URL. The functionality of the ACE health checking is really disapointing if it can not understand a simple 302. Most sites I figure with SSO redirect you with a 302 and it is pretty standard industry practice to do so.

Actions

This Discussion