Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACE Scripted probe to allow for mutliple 302 for SSO?

Has anyone created an ACE

TCL script that does and https get on a production url where you login as a user? But there is one catch with our SSO configuraiton you get mutliple redirects example below

user->prod url->prod websever->redirects to Identity server->redirects you to login for SSO->login happens-> redirects you prod URL


Any one have any scripts to handle this and could give me an example?

2 REPLIES
Cisco Employee

Re: ACE Scripted probe to allow for mutliple 302 for SSO?

You really do not want to do something as complicated with your probes.

A probe should be kepts as simple as possible.  You don't want to lose resources monitoring your servers and dropping traffic because of that.

So, since there are redirects, and you know already were you will be redirected, why don't you poll the correct url immediately ?

Gilles.

New Member

Re: ACE Scripted probe to allow for mutliple 302 for SSO?

The direct login to the URL is the same as it is in the first step in the process. This is do to how Access Manager treats and directs traffic, URL sits in AM and than redirects to it's IDP server for login and than redirects you back. Login directly to the IDP server is not allowed by Novell. The only other choice I have load balance and health check all backend servers to VIP's for AM. This is a worse setup and forces me to do 40 health checks and 10 VIP's. All to fake URL or health checks for .gif or .jpg that do not even correspond to produciton URL. The functionality of the ACE health checking is really disapointing if it can not understand a simple 302. Most sites I figure with SSO redirect you with a 302 and it is pretty standard industry practice to do so.

317
Views
0
Helpful
2
Replies
CreatePlease login to create content