Layer7 Access Management

Expand all | Collapse all

Validate an attribute from header to redirect to different uri

Jump to Best Answer
  • 1.  Validate an attribute from header to redirect to different uri

    Posted 01-16-2019 05:05 AM

    Is it possible to validate an attribute from header say email address from a form and validate with the domain, ie "@xyz.com" and redirect to different uri.

     

    For example: if user is from xyz, validate the header from onauthattempt event in response and redirect to another uri.

    If its possible, how to write a query for that in reponse expression



  • 2.  Re: Validate an attribute from header to redirect to different uri

    Posted 01-18-2019 05:18 AM

    Chris_Hackett, mutas02

     

    Could someone give some points on this?



  • 3.  Re: Validate an attribute from header to redirect to different uri

    Posted 01-18-2019 05:20 PM

    Hi Joseph,

     

    Yes, This can be achieved by writing an expression under Users tab in Policy along with "Webagent-OnAccept-Redirect" Response as below:

     

    Policy > Users > User Directory >  Add Entry > switch Expression Editor Option to Expression Builder

     

     

    Create a response to redirect to a specific url based on policy decision.

     

     

    Regards

    Ashok



  • 4.  Re: Validate an attribute from header to redirect to different uri

    Posted 01-22-2019 04:10 AM

    Thanks Ashok,

     

    this was helpful.

     

    But what I am looking is to get the mail attribute onAttempt, thats even before validating. 

    Scenario:

    User will be provided with a login page only email field and that user may or may not be in the user directory. On entering the email and clicking on login the user should be redirected to different SAML uri. Where the user will be authenticated at their IDP. And SP will be from my end.

     

    For example: if user uses someone@somedomain.com, i should validate with somedomain.com from the header and pass it through response to redirect to another SAML uri



  • 5.  Re: Validate an attribute from header to redirect to different uri

    Posted 01-22-2019 09:08 AM

    As there is no validation to do at Policyserver/user directory at this stage, This can be achieved by using a piece of java script on the login page to validate the email and redirect it to appropriate url. Also you can capture the Target url(originally accessed) and pass it along to SP depends on your requirement.



  • 6.  Re: Validate an attribute from header to redirect to different uri
    Best Answer

    Posted 01-23-2019 05:43 AM

    Thank you mutas02 (Ashok).