Hey Hubert,
Just another note - your method worked great using the auth scheme to redirect to a NO ACCESS page. I was testing other ways and use cases of doing this redirect as well.
I used the same agent group method with the different virtual host agent objects added. I created the domain for protecting affweb.
Created the realm as: /affwebservices
Used any auth scheme: For example basic username / password
Created two rules this time:
First rule:
Resource: *
Effect Resource: protect_AffWebGroup/affwebservices*
Allow Access
Web Agent Action -> Get Post Put
Second Rule
Resource: *
Effective Resource: protect_AffWebGroup/affwebservices*
Allow Access
Authorization Event: OnAccessAccept
Created Response Attribute tied to Second Rule
WebAgent-OnAccept_Redirect: Here I redirected to the Virtual Host I wanted to handle the Fed Web apps as a Static Attribute
https://federationgateway.example.com/affwebservices/assertionretriever
This works fine for redirecting to the static /assertionretriever page on the correct virtual host I want to handle fed apps.
My question is, on the Response attribute, is there a way to grab the $0 portion of the URI from the initial request and append that to the end of the URI
in the response attribute redirect? Almost like on the reverse proxy, this way any request sent to that /affwebservices would then be redirected to the appropriate fed app instead of everything to /assertionretriever.
I may be trying to squeeze too much out of this and should stick to the disallow access auth scheme method, but just for creativities sake. Any ideas?
Thanks,
Adam