Hi,

This should work.

Please attach a http watch taken with version 7 or less for the direct access without going through SA

Regards,

Jay

Here is the http watch from the site.  Thx for taking a look.

Just to make sure, the SA is rewriting the external resource, correct?  I can't imagine you could do a SSO form POST to a resource which was not being rewritten.

Ken

These are the value I found

POST URL : http://jb.sitacorp.com/jbclient/faces/broker.xhtml

Parameter                           Value

j_idt9                                   j_idt9 
j_idt9:j_idt12                        testaccount  
j_idt9:j_idt14_editableInput    sunny  
j_idt9:j_idt14_input               sunny 
j_idt9:j_idt18   
javax.faces.ViewState         -1561150858555089789:6834917585508214746

I am not sure which is your domain username which you want to pass as a variable <username>

What about j_idt9 and j_idt9:j_idt12 , are these static values or dynamic values?

For the viewstate, I guess you can put the value as found in the http watch though it might be dynamic

Regards,

Jay

j_idt9:j_idt12 would be what we'd want to pass the username to.  Not sure what the other values even are.

So what would the setup of this look like?

Ken, it is not being rewritten right now.  When we use rewriting it fails to load the page.

I can't imagine that you can do a form post without rewriting the page.  It might depend on whether rewriting policies are applied before form post policies.  Can someone more knowledgable give us a definitive answer on this point?

Does the load of the page ehdn rewritten fail because you do not have a proxy server and proxy policies defined?  The only way to get an external page rewritten is for the SA to be able to fetch it through the internal interface of the appliance.  At least in my network, the only way to do that is to go outbound through a proxy.

Ken

Hi,

If the URL is not rewritten by the Juniper, it would not be possible to do a form post

Thanks,

Jay