Multiple SAML Authentication Actions Single gateway vserver How do I write expression to chose appropriate action based on user URL entered?

[Simon Cooper]

Have 2 x NetScaler VPX (different sites) each with a single gateway vserver.

Originally configured as stand alone with SAML authentication to AzureAD.

Result is I have 2 x URL's which resolve to individual NetScaler's with SAML actions that point to their own individual Azure enterprise applications. (ns1.corp.com and ns2.corp.com)

I now a add GSLB (access.corp.com) configuration on top of this using the same gateway vservers. I have a new SAML action and Azure enterprise application.

Each NetScaler has 2 x Authentication policies with expression of "true" and their own Authentication action configured for either ns1.corp.com or access.corp.com.

How do I or can I change the expression "true" to one that allows for both of these authentication policies to be bound to the gateway vserver and the correct action to be applied based on the URL entered by user.

I looked and tested expression HTTP.REQ.URL.CONTAINS("access.corp.com") and HTTP.REQ.URL.CONTAINS("access.corp.com").NOT but this didn't seem to work.

I'm new to this expression writing and would appreciate some guidance from you guru's out there.

thanks

Simon

[Chris Chau]

Hi Simon,

The expression you are using "HTTP.REQ.URL.CONTAINS" is just checking the URL part of your request, i.e. the string after your FQDN. E.g. if your site is "https://access.corp.com/login.html", it is just checking "/login.html".

To check the FQDN (i.e. "access.corp.com"), you can use "HTTP.REQ.HOSTNAME.CONTAINS".

Thanks and regds,

Chris

[Morten Kallesøe]

there is also some cookie (cant remember which) that is set, which also could help you. i wrote an article on it on netscalerrocks.com some time ago. (use the internet archive to look it up) maybe it can help you

[Simon Cooper]

This worked a treat, many thanks Chris.