# Rule to Direct Traffic Based on AD Group Membership
# Please declare the names of the pools you have configured, and ensure
# that the trafficscript!variable_pool_use Global setting is set to 'yes'
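# --- Configuration ---------------------------------------------------------
# Authenticator used for the AD lookup and the two site pools this rule
# steers between.
$authenticator = "SiteA-AD";
$view_siteA_pool = "View-SiteA-Pool";
$view_siteB_pool = "View-SiteB-Pool";
# View Specific variables: static broker identity values that
# sendFirstResponse() echoes back in the synthetic <get-configuration/> reply.
$view_info =
[ "guid" => "624384c9-111e-459a-a4ab-f84aa0d48af9",
"server" => "VSS1",
"dns" => "aod-lab.local",
"domain" => "AOD-LAB" ];
#Site B STM IP address
# Connections from these peer addresses skip all session and credential
# handling below and go straight to the local default pool.
$site_B_STM1_IP = "192.168.201.30";
$site_B_STM2_IP = "192.168.201.31";
#Set $debug flag to 1 in order to troubleshoot
# NOTE(review): debug output writes JSESSIONID values and usernames to the
# log; keep this at 0 outside of active troubleshooting.
$debug = 1;
#Bypass Script if the path is for / as it could be GLB health monitor
if( http.getpath() == "/") { break;}
$client_ip = request.getRemoteIP();
#Bypass Script if the connection request is from other Site STM
if ($client_ip == $site_B_STM1_IP || $client_ip == $site_B_STM2_IP) {
log.info("Received connection from SiteB, Selecting default pool");
pool.select($view_siteA_pool);
break;
}
$must_authenticate = false;
$user_name = '';
$password = '';
# Session lookup is keyed on the client-supplied JSESSIONID cookie. The same
# data table is also keyed by username further down (data.get( $user_name )),
# so both key kinds share one namespace -- presumably they never collide;
# confirm before adding further key types.
$sess_id = http.getcookie("JSESSIONID");
$sess_data = data.get( $sess_id );
if( string.length( $sess_id ) && lang.isHash( $sess_data ) ) {
# Known session: reuse the recorded pool/node while that node is ACTIVE,
# otherwise drop the stale cookie and let the pool pick a live node.
if( $debug ) { log.info("jsession id cookie: ".$sess_id); }
if( $debug ) {
log.info("Request with JSESSIONID: ".$sess_id.
" found in table and not timedout. Node=".$sess_data["node"].":".$sess_data["port"] );
}
$node_status = pool.checknode( $sess_data["pool"], $sess_data["node"], $sess_data["port"] );
if($node_status != "ACTIVE") {
$user = $sess_data["user"];
pool.select( $sess_data["pool"] );
if( $debug ) { log.info("Node:".$sess_data["node"]." is not Active. Selecting Active Node from the Pool");}
http.removeCookie("JSESSIONID");
connection.data.set("uname",$user);
break;
} else {
pool.select( $sess_data["pool"], $sess_data["node"], $sess_data["port"] );
if( $debug ) { log.info( "Selecting Node: ".$sess_data["node"] ); }
break;
}
} else {
# No usable session: inspect the request body. The second request's body
# carries the username and password in clear (see the regex below), so only
# its length is logged, never the raw content.
$body = http.getBody();
if( $debug ) { log.info("Got body length:" . string.length( $body ) ); }
# check whether this is the first request:
if( string.endswith( $body, "<get-configuration/></broker>" ) ) {
sendFirstResponse( $view_info, $debug );
break;
}
# Check whether this is the second request:
# Unanchored, non-greedy match on the broker XML: $1 = username, $2 = password.
if( string.regexmatch( $body, "username</name><values><value>(.*?)</value>.*?password</name><values><value>(.*?)</value>" ) ) {
$user_name = $1;
$password = $2;
$user_data = data.get( $user_name );
#Check if the user_data exists in global namespace and not timedout
if( lang.isHash( $user_data ) ) {
$curtime = sys.time();
if( $curtime < $user_data["timeout"] ) {
# Live entry for this user: invalidate the previously issued session id
# and pin the request to the node recorded for the user.
if( $debug ) { log.info( "Request with Username in table and session not timedout: Resetting previous JSESSIONID" ); }
connection.data.set( "uname", $user_name );
data.set( $user_data["sessionid"], "" );
pool.select( $user_data["pool"], $user_data["node"], $user_data["port"] );
break;
} else {
# Expired entry: clear both the session-id and username keys, then fall
# through to a fresh AD lookup.
if( $debug ) { log.info( "Resetting Persistence Entry as it has timed out" ); }
data.set( $user_data["sessionid"], "" );
data.set( $user_name, "" );
$must_authenticate = true;
}
} else {
if( $debug ) { log.info( "Request with Username NOT in table checked with AD to select group!" ); }
$must_authenticate = true;
}
}
}
if( $must_authenticate ) {
# NOTE(review): the auth.query result is not checked for failure before
# 'memberOf' is read; a failed lookup leaves $group empty and no pool is
# selected here.
$auth = auth.query( $authenticator, $user_name, $password );
$group = $auth['memberOf'];
# Membership is a substring test on the memberOf value, so any DN containing
# "SITE_B" / "SITE_A" anywhere matches. Presumably the group names are
# distinct enough; matching the full group CN would be stricter.
if( string.contains( $group, "SITE_B" ) ){
if( $debug ) { log.info( "User: ".$user_name." member of SiteB Users group" );}
pool.select( $view_siteB_pool );
connection.data.set( "uname", $user_name );
break;
}
if( string.contains( $group, "SITE_A" ) ) {
if( $debug ) { log.info( "User: ".$user_name." member of Default SiteA-Users group" ) ;}
pool.select( $view_siteA_pool );
connection.data.set("uname", $user_name);
break;
}
# Neither group matched: no pool.select() is made by this rule, so the
# virtual server's own default presumably applies.
}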
sub sendFirstResponse( $info, $debug )
{
# Answers the broker's initial <get-configuration/> request on the STM's
# behalf so the client proceeds to the credential-bearing second request.
# $info:  hash with "guid", "server", "dns" and "domain" (see $view_info);
#         only these static configuration values are interpolated into the XML.
# $debug: when true, logs that a synthetic response was sent.
# NOTE(review): the "[email protected]" text inside the SPN <name> element looks
# like a web-extraction artifact standing in for the original text between
# $info["server"] and $info["dns"] -- confirm against the original rule.
$first_response = "<?xml version=\"1.0\"?>\n<broker version=\"6.0\">\n<set-locale>\n<result>ok</result>\n</set-locale>\n<configuration>\n<result>ok</result>\n\
<broker-guid>".$info["guid"]."</broker-guid>\n<broker-service-principal>\n<type>kerberos</type>\n<name>".$info["server"]."[email protected]".$info["dns"]."</name>\n\
</broker-service-principal>\n<authentication>\n<screen>\n<name>windows-password</name>\n<params>\n<param>\n<name>domain</name>\n<values>\n\
<value>".$info["domain"]."</value>\n</values>\n</param>\n</params>\n</screen></authentication>\n</configuration>\n</broker>";
if( $debug ){ log.info( "First request, sending fake response" ); }
# 200 reply carrying the synthetic broker configuration; the extra
# "XFF: STM_SiteA" header presumably marks the reply as originating here.
http.sendResponse( "200 OK", "text/xml;charset=UTF-8", $first_response, "XFF: STM_SiteA" );
}