sometime you have to go through with interesting approaches, I was delivering SAML based SSO integration for the customer for Kronos cloud based application, and our customer landscape was build-ed with TFIM 6.2 and IBM WebSEAL. landscape situation was for the applications, if users request the applications from customer network, so those requests will hit to internal F5 cluster IP which authenticated them from internal WebSEAL login instance and allowing Kerberos authentication.
In case if users request the applications from outside/Internet, so those request will hit to external F5 cluster which authenticated them from external WebSEAL login instance and allowing form based authentication.
customer requested is to implement form based authentication in both the scenarios for this integration either user accessing the application from customer network or Internet, so to implement this form based authentication in customer network I tried to handle this from WebSEAL that how we can bypass the internal request to external WebSEAL login instance so that users will get the login page but did not get any outcome internal in WebSEAL functionality, finally got a one clue from my team mate that we have to create the redirection on F5 LB that we did and created absolute URL redirection from Internal F5 to External F5, this solution worked like champ, Finally we delivered this small project successfully. users internal requests were redirecting to external F5 and users were getting the login page for external authentication.
