Hey Andrew, I may have found a solution for us. Might be a bit untidy but so far it seems to work
Here's what I did
- Added "Advanced Resource Assignment" back to the test_universal_policy
- Changed the sso to use multi-domain (with the only entry being the companies domain, no host entries)
- Set both ADFS and Webtop to use the universal policy
- Created an irule and attached it to the test webtop vs, which has the following
when HTTP_REQUEST {
if { [ACCESS::session data get session.logon.last.result] == 1 } {
if { not ([HTTP::uri] starts_with "/vdesk/") } {
set thiswebtop [ACCESS::session data get "session.assigned.webtop"]
HTTP::redirect "https://webtop.example.com/vdesk/webtop.eui?webtop=$thiswebtop&webtop_type=webtop_full"
}
}
}
I haven't added our external login form yet (just using the built in F5 one)
Give that a whirl.