Posted in: NetScaler. By Simon Gottschlag
7 years ago
One of the best things about XenMobile and Secure Web is the SSO integration with NetScaler. It usually "just works", but this time I ran into an issue that was kind of interesting.
AAA form fill SSO using a web browser and AAA traffic policies worked without a problem, but with the VPN traffic policies for Secure Web, the form fill only worked after manually refreshing the page.
After doing some initial troubleshooting and realizing it may be something deeper than just a misconfigured SSO, I decided to implement a workaround, which actually works quite well until the problem is solved.
For those interested, it does seem like the NetScaler finds the CSRF token and inserts it – just that it doesn’t work the first time:
My solution was to insert JavaScript into the page that forces Secure Web to refresh once, which magically gets the form fill to work:
add rewrite action RWA-RES-REFRESH_ONCE replace_all "HTTP.RES.BODY(9999).SET_TEXT_MODE(IGNORECASE)" "\"<body>\"+\"\\r\\n\"+\n\"<script type=\\\"text/javascript\\\">\"+\"\\r\\n\"+\n\" if(!window.location.hash) {\"+\"\\r\\n\"+\n\" window.location = window.location + \'#sso\';\"+\"\\r\\n\"+\n\" window.location.reload();\"+\"\\r\\n\"+\n\" }\"+\"\\r\\n\"+\n\"</script>\"+\"\\r\\n\"" -pattern "<body>"

add rewrite policy RWP-RES-REFRESH_ONCE "HTTP.REQ.HEADER(\"Host\").SET_TEXT_MODE(IGNORECASE).EQ(\"site.example.com\") && (HTTP.REQ.URL.PATH.SET_TEXT_MODE(IGNORECASE).EQ(\"/path/to/login\") || HTTP.REQ.URL.PATH.SET_TEXT_MODE(IGNORECASE).EQ(\"/path/to/login/\"))" RWA-RES-REFRESH_ONCE

bind vpn vserver <NSGW vServer used by Secure Web> -policy RWP-RES-REFRESH_ONCE -priority 100 -gotoPriorityExpression NEXT -type RESPONSE
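A pre-deployment check for the rewrite action above, as an added example that is not part of the original post. It models the action in Python on the assumption that `replace_all` searches only the first 9999 body bytes for the literal, case-insensitive string `<body>`, and reports login pages where the script would not be injected or would be injected more than once. The function names and sample pages are constructed for illustration.

```python
import re

WINDOW = 9999  # HTTP.RES.BODY(9999): only the first 9999 bytes are searched
PATTERN = re.compile(rb"<body>", re.IGNORECASE)  # -pattern "<body>", IGNORECASE

# What the action writes in place of each match (same script as the action).
INJECTED = (b"<body>\r\n<script type=\"text/javascript\">\r\n"
            b" if(!window.location.hash) {\r\n"
            b" window.location = window.location + '#sso';\r\n"
            b" window.location.reload();\r\n"
            b" }\r\n</script>\r\n")

# Constructed sample bodies (not captured from a real site).
SAMPLES = {
    "plain": b"<html><head></head><BODY><form id='login'></form></body></html>",
    "attrs": b"<html><body class=\"login\"><form></form></body></html>",
    "late": b"<html><head>" + b" " * 10000 + b"</head><body></body></html>",
    "twice": b"<html><body><script>var t='<body>';</script></body></html>",
}


def simulate_rewrite(body: bytes):
    """Model replace_all over the first WINDOW bytes; return (new_body, hits)."""
    head, tail = body[:WINDOW], body[WINDOW:]
    new_head, hits = PATTERN.subn(lambda m: INJECTED, head)
    return new_head + tail, hits


def check_login_page(body: bytes) -> str:
    """Classify how the action would behave on a captured login page body."""
    _, hits = simulate_rewrite(body)
    if hits == 1:
        return "ok"
    if hits > 1:
        return "multiple-matches"  # script would be injected more than once
    m = re.search(rb"<body\b[^>]*>", body, re.IGNORECASE)
    if m is None:
        return "no-body-tag"
    if m.end() > WINDOW:
        return "beyond-window"  # tag ends outside the searched bytes
    return "tag-has-attributes"  # e.g. <body class="x"> is not the literal <body>


if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, check_login_page(body))
```

Any result other than `ok` means the pattern or the body window in the action needs adjusting for that page before the policy is bound.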