cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
574
Views
0
Helpful
2
Replies

ACE Scripted probe to allow for mutliple 302 for SSO?

c.hamoeller
Level 1
Level 1

Has anyone created an ACE

TCL script that does and https get on a production url where you login as a user? But there is one catch with our SSO configuraiton you get mutliple redirects example below

user->prod url->prod websever->redirects to Identity server->redirects you to login for SSO->login happens-> redirects you prod URL


Any one have any scripts to handle this and could give me an example?

2 Replies 2

Gilles Dufour
Cisco Employee
Cisco Employee

You really do not want to do something as complicated with your probes.

A probe should be kepts as simple as possible.  You don't want to lose resources monitoring your servers and dropping traffic because of that.

So, since there are redirects, and you know already were you will be redirected, why don't you poll the correct url immediately ?

Gilles.

The direct login to the URL is the same as it is in the first step in the process. This is do to how Access Manager treats and directs traffic, URL sits in AM and than redirects to it's IDP server for login and than redirects you back. Login directly to the IDP server is not allowed by Novell. The only other choice I have load balance and health check all backend servers to VIP's for AM. This is a worse setup and forces me to do 40 health checks and 10 VIP's. All to fake URL or health checks for .gif or .jpg that do not even correspond to produciton URL. The functionality of the ACE health checking is really disapointing if it can not understand a simple 302. Most sites I figure with SSO redirect you with a 302 and it is pretty standard industry practice to do so.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: