Hi JDL, I am actually having issues with the OWA server when it calls sharepoint.company.com. Since it isn't a user it can't complete the SSO.
What I was trying, which worked on every request after the first one:
    when HTTP_REQUEST {
        if { [string tolower [HTTP::host]] contains "owa.company.com" } {
            pool OWA-pool
        } else {
            if { [IP::addr [IP::client_addr] equals OWA-pool-member] } {
                ACCESS::disable
            }
            pool SP13-pool
            persist none
        }
    }
It was as if it had to go through once to have ACCESS disabled and then it was right after that. I flipped the logic to be ACCESS::disable at the start and then enable for everything that isn't the OWA-pool-member, and this WORKS. Not sure that is good practice though.
    when HTTP_REQUEST {
        ACCESS::disable
        if { [string tolower [HTTP::host]] contains "owa.company.com" } {
            pool OWA-pool
        } else {
            if { [IP::client_addr] != "OWA-pool-member" } {
                ACCESS::enable
            }
            pool SP13-pool
            persist none
        }
    }
I'd probably rather have an iRule more like my first one that just disables when the OWA-pool-member hits SP, but it doesn't work in its current form. I was thinking of adding a redirect back to the same URI after the ACCESS::disable (to simulate the second try, which works), but I need an IF statement in there to check: if ACCESS has already been disabled once, don't redirect again.
I might play with that some more. I was trying to use "ACCESS::session data get" but without success. I suppose I could set a cookie on the first pass and remove it if it exists on the second pass, just to prove my thinking.
Cheers