
Passthrough for a Direct Link

dwoolley_
Occasional Contributor


Hello,

Our users access our Intranet from outside our network by logging into the SA2500 SSL-VPN and selecting the Intranet from the SSL-VPN menu.

We have a customer survey link that we send out via e-mail... the survey page is just a page on the same server as our Intranet and we would like for the user to be able to click the link, get prompted for the SSL-VPN login, then be directed to the survey page. This is the way it worked with our old Nortel SSL-VPN and we accomplished this by providing two links in the survey e-mail... one for "in the office" and one for "out of the office".

I've recreated the "out of the office" link to accommodate the new Juniper rewrite url but when the user logs in he still just gets the menu and isn't being redirected. Is there a way to get this single survey url to redirect without affecting the way the rest of our intranet functions through the SSL-VPN?

Thanks in advance for your help!

-Dave

11 REPLIES
dwoolley_
Occasional Contributor

Re: Passthrough for a Direct Link


Ruc, Rakeshb,

Thanks again for the helpful information!  I was able to get the "out of office" link working using Rakeshb's method.  I will try enabling "Browser request follow-through" next week to see if that works as well... I'd definitely rather go with that approach as it's much, much simpler.  I will post back next week with my final notes.

Thanks!

-Dave

RKB_
Frequent Contributor

Re: Passthrough for a Direct Link

Hi Dave,

"but when the user logs in he still just get the menu and isn't being redirected."

When you say the above I think you are referring to the bookmarks page that comes up right after you sign-in to SSL-VPN page.

Correct me if that is not the case.

What you could do is create a separate role for the survey activities. On this new role go to general -> UI options.

On this page see the 'start page', here select "custom page" as the option and you can add your survey URL here.

This way when a user from the outside clicks on the survey link, he will authenticate to SSL-VPN, get assigned to this role and automatically get redirected to the survey URL that you way.

This will avoid users seeing the bookmark page.

< please mark this post as 'accepted solution' if this answers your question, that way it might help others as well, thanks >

mnarine_
Contributor

Re: Passthrough for a Direct Link

rakeshb,

That's a good workaround! Never thought of that.

-Mike

dwoolley_
Occasional Contributor

Re: Passthrough for a Direct Link

Rakeshb,

Thanks for the reply... much appreciated! Just had a follow-up question... the survey page is actually for our employees and everyone is already assigned roles and accesses the ssl-vpn for other applications. Won't this workaround affect the way the ssl-vpn currently works for them? If I assign them to this role won't they get redirected to the survey page every time they log in after? How does the ssl-vpn know which role takes precedence?

Thanks again for the help!

Regards,

-Dave

RKB_
Frequent Contributor

Re: Passthrough for a Direct Link

Dave,
"We have a customer survey link that we send out via e-mail... the survey page is just a page on the same server as our Intranet and we would like for the user to be able to click the link, get prompted for the SSL-VPN login"

The above statement tells that the email will contain a link; when they access this link they get prompted for login.

If they log in at this stage then my previous comment is valid.

dwoolley_
Occasional Contributor

Re: Passthrough for a Direct Link

Rakeshb,

Thanks for the reply... unfortunately this still isn't working for me... maybe I'm doing something wrong. I'm fairly new at managing this box so I'll restate what I'm trying to accomplish and what I've done thus far per your recommendation...

All of our employees already use the ssl-vpn and have roles defined... when a user logs in he is mapped to roles based on active directory group. The roles simply define the menu items and ssl-vpn services that the user has access to. Our IT Helpdesk sends out an automated survey e-mail when a helpdesk ticket is closed... the e-mail has two links... one is to access the survey on our LAN... and the other is to access the survey from the Internet. The link to access from the Internet is the ssl-vpn rewrite link to the survey (i.e. https://host.domain.com/survey/,DanaInfo=server.company.com+itqu.asp?icid=20210). When a user clicks that link, he gets the webportal login, then after logging in he gets the ssl-vpn menu... he is not redirected to the survey. I would like the users to be redirected to the survey automatically.

So in following your advice, I created a new role called "Customer Survey Role"... enabled UI Options and set the Custom Start Page to the url of the customer survey. I then went to User Realm and mapped a new Active Directory group to the Customer Survey Role. When I added myself to the new Active Directory group and logged into the ssl-vpn I got the new custom start page... this happens regardless of whether I click on the survey e-mail link or just log in via the main ssl-vpn page. I only want the custom start page if I click on the survey e-mail link... if I just log in normally through the main portal page I want to get my menu of apps. Is there any way to get this to work the way I want?

Thanks again for the help!

-Dave

mnarine_
Contributor

Re: Passthrough for a Direct Link

Hi,


I'm not sure it's possible to do what you're asking. Basically, you're asking to create a link that's accessible via the SSL VPN so when the user clicks on the link, it logs in to the SSL and then goes to the survey link. Otherwise, the user would sign on to the SSL directly and get the access they need.

I haven't seen a way to do this within the SSL VPN device. Maybe Juniper can help with this directly. Have you contacted JTAC to see if there's a solution? If you do find a solution please post... it would be interesting to see if you can have a link that's proxied by the SSL VPN.

-Mike

RKB_
Frequent Contributor

Re: Passthrough for a Direct Link

Dave,

Here's how the SA device will differentiate client requests.

ADUserA

ADUserB

Realm1 - for employees

Realm2 - for survey only

Role1 - Contains bookmarks and other access components.

Role2 - No bookmarks; will only redirect automatically to a custom start page.

Employees will normally use Realm1 and will get mapped to Role1 for their day to day operations.

When a survey email is received and when employees click on the link to survey, they will be hitting Realm2 and will get mapped to Role2.

This can be the only way to differentiate a normal employee access and a survey driven access.

Note: If a user tries to access a survey link from the internet without clicking on the survey email, they will still be able to connect as long as they can authenticate to the AD server.

Let me know if this is clear for your current deployment requirement.


ruc_
Regular Contributor

Re: Passthrough for a Direct Link

Dave,

 

What you are trying can be done if you enable the Role Level option for Browser request follow through. The setting is under Roles > Session Options. This setting will basically ensure that any URL you send to the SA (before login) will be remembered and then post login SA will redirect user to this URL.

On a related note: While the format of the URL you created should work fine, a much cleaner way would be to emulate the format of a bookmark based launch. So if it's doable change the format of the "out of office" link to:

 

 

https://host.domain.com/dana/home/launch.cgi?url=http://survey-server.company.com
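
The two link formats discussed in this thread, as an added example that is not part of any post: it converts the rewritten `,DanaInfo=` link from Dave's e-mail into the `launch.cgi?url=` form and percent-encodes the target so the survey's `?icid=` query string stays inside `url=`. Only the DanaInfo shape shown in the thread is handled; the `http` default scheme, the `ALLOWED_TARGETS` allowlist and the expectation that `launch.cgi` decodes `url` like an ordinary query parameter are assumptions of this example.

```python
from urllib.parse import parse_qs, quote, urlsplit, urlunsplit

VPN_HOST = "host.domain.com"              # gateway name used in the thread
ALLOWED_TARGETS = {"server.company.com"}  # assumption: only the survey server


def parse_danainfo(rewritten, scheme="http"):
    """Recover the internal URL from a rewritten link shaped like the thread's:
    https://<vpn>/<dir>/,DanaInfo=<internal-host>+<file>?<query>
    Other DanaInfo variants are rejected rather than guessed at."""
    parts = urlsplit(rewritten)
    directory, marker, tail = parts.path.partition(",DanaInfo=")
    host, plus, filename = tail.partition("+")
    if not marker or not plus or not host or "," in host:
        raise ValueError("unsupported rewritten link: %r" % rewritten)
    return urlunsplit((scheme, host, directory + filename, parts.query, ""))


def launch_link(internal_url, vpn_host=VPN_HOST):
    """Build the bookmark-style launch link with the target fully encoded.
    Assumes launch.cgi decodes url= like any other query parameter."""
    target = urlsplit(internal_url)
    if target.scheme not in ("http", "https") or target.hostname not in ALLOWED_TARGETS:
        raise ValueError("refusing to build a launch link for %r" % internal_url)
    # safe="" encodes ':', '/', '?', '&' and '=' so the whole target is one value.
    return "https://%s/dana/home/launch.cgi?url=%s" % (vpn_host, quote(internal_url, safe=""))


def target_in_link(link):
    """The value of url= as a standard query-string parser sees it."""
    return parse_qs(urlsplit(link).query)["url"][0]


if __name__ == "__main__":
    emailed = "https://host.domain.com/survey/,DanaInfo=server.company.com+itqu.asp?icid=20210"
    internal = parse_danainfo(emailed)
    print(internal)
    print(launch_link(internal))
    # Constructed two-parameter target: pasted in raw, everything after '&' is lost.
    two = internal + "&lang=en"
    raw = "https://%s/dana/home/launch.cgi?url=%s" % (VPN_HOST, two)
    print(target_in_link(raw))
    print(target_in_link(launch_link(two)))
```

Keeping the allowlist in the mail generator means the helpdesk system only ever emits launch links that point at the survey server.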