Preserving Session Variables after a redirect
Hi All,
I have a LAB BIG-IP (11.6) set up which has the following: 2 Virtual servers, 2 access policies.
The BIG-IP is being used as a perimeter device and allows external access to our network. Both my virtual servers have externally accessible IP addresses.
One of the virtual servers is used to load balance and front-end a Citrix farm. This works great as long as we log in to the virtual server directly. Users are directed to the Citrix Web Interface server, and are presented with their applications and everything works the way it should, SSO works, applications launch, everything is great.
The problem is that I would like to not have the requirement for people to log directly into the virtual server for Citrix. We have a primary external facing interface and we just want people to log into that, and then get redirected to the Citrix Virtual server if they are in certain AD groups or if their machines fail certain client configuration checks. The idea here is to hand out one external url to all our users and then have them be redirected based on AD queries and machine checks.
My main access policy (tied to the preffered external facing Virtual Server) does an "allow and redirect" if a person is in a particular AD Group or meets other requirements. This works fine and passes the user directly to the Citrix virtual server if the results of the queries and client checks warrant that they only be allowed Citrix (as opposed to full VPN access).
My problem is that once I do the redirect, all the session variables from the initial logon are lost and the users need to re-authenticate either on the Citrix virtual server, or at the Web Interface. We don’t want this to happen; we are trying to keep SSO working.
I have tried simply doing an RDP resource for the Citrix users, but it is fairly awkward and doesn’t seem to work very well.
So (after all that) here’s my questions:
-
Is there any way to keep session variables such as “Session.Logon.Last.Username” and “session.logon.last.password” active after a re-direct ?
-
If that’s not possible, is there a way to create custom variables containing the values of the “Session.Logon.Last.Username” and “session.logon.last.password” variables and have those custom variables persist after the redirect?
Thanks in advance for reading this and attempting to answer.
Also, if you need to see my access policies or any other configurations of my lab config I’ll post them here on request.
-John