
VMware View AlwaysOn Desktop Reference Architecture - Request Rule

by vreddy on ‎03-25-2013 10:00 AM (459 Views)

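# ---------------------------------------------------------------------------
# Rule to Direct Traffic Based on AD Group Membership
#
# Request rule for the View AlwaysOn Desktop reference architecture. It
# parses the View client's XML-API login exchange, pins requests carrying a
# known JSESSIONID to the node that owns that session, and on a first login
# asks the configured authenticator which site group the user belongs to in
# order to choose the site pool.
#
# Please declare the names of the pools you have configured, and ensure that
# the trafficscript!variable_pool_use Global setting is set to 'yes'
# (pool.select() below is called with pool names held in variables).
# ---------------------------------------------------------------------------

# Authenticator handed to auth.query() for first-time logins.
$authenticator = "SiteA-AD";

# Pool names; Site A is also the pool chosen for traffic relayed from Site B.
$view_siteA_pool = "View-SiteA-Pool";
$view_siteB_pool = "View-SiteB-Pool";

# View Specific variables: the identity this rule advertises to the View
# client in the locally generated <get-configuration/> response (see
# sendFirstResponse). These should match the real Connection Server's broker
# GUID, service principal host, DNS suffix and NetBIOS domain; a mismatch is
# expected to surface as client-side login failures rather than here.
$view_info =
    [ "guid" => "624384c9-111e-459a-a4ab-f84aa0d48af9",
      "server" => "VSS1",
      "dns" => "aod-lab.local",
      "domain" => "AOD-LAB" ];

# Site B STM IP addresses: connections whose source is one of these peers
# skip session handling and go straight to the Site A pool.
$site_B_STM1_IP = "192.168.201.30";
$site_B_STM2_IP = "192.168.201.31";

# Set $debug flag to 1 in order to troubleshoot. Debug output includes
# JSESSIONID values, user names and request-body contents, so keep it off in
# production; the original listing shipped with it enabled.
$debug = 0;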




# ---------------------------------------------------------------------------
# Early exits that skip all session and login handling.
# ---------------------------------------------------------------------------

# A bare "/" is what the GLB health monitor is expected to poll; leave it to
# the virtual server's default pool without parsing anything.
if( http.getpath() == "/" ) { break; }

# Requests relayed by the Site B traffic managers are sent to the local
# default pool untouched. NOTE(review): this trust rests solely on the TCP
# source address; if a NAT or another proxy sits between Site B and this
# virtual server, every client behind it would take this path - confirm the
# topology before relying on it.
$client_ip = request.getRemoteIP();
$from_site_b = ( $client_ip == $site_B_STM1_IP ) || ( $client_ip == $site_B_STM2_IP );

if( $from_site_b ) {
   log.info("Received connection from SiteB, Selecting default pool");
   pool.select($view_siteA_pool);
   break;
}




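# ---------------------------------------------------------------------------
# Session persistence and login-request parsing.
#
# Two kinds of records are read from the global data table (they are written
# by a companion response rule that is not part of this listing):
#   * keyed by JSESSIONID : hash with "pool", "node", "port", "user"
#   * keyed by user name  : hash with "pool", "node", "port", "sessionid",
#                           "timeout"
# NOTE(review): both kinds share one flat key space, so a cookie value that
# happens to equal a user name (or vice versa) is read as the other kind of
# record. Prefixing the keys (e.g. "sess:" / "user:") in both rules would
# remove the ambiguity - coordinate with the response rule before changing.
# ---------------------------------------------------------------------------
$must_authenticate = false;
$user_name = '';
$password = '';

# The cookie value is client-controlled and is only ever used as a lookup
# key; the table is consulted only when a cookie was actually presented.
$sess_id = http.getcookie("JSESSIONID");
$sess_data = "";
if( string.length( $sess_id ) ) {
   $sess_data = data.get( $sess_id );
}

if( lang.isHash( $sess_data ) ) {
   # Known session: keep it on the node that owns it.
   if( $debug ) { log.info("jsession id cookie: ".$sess_id); }
   if( $debug ) {
      log.info("Request with JSESSIONID: ".$sess_id.
               " found in table and not timedout. Node=".$sess_data["node"].":".$sess_data["port"] );
   }

   $node_status = pool.checknode( $sess_data["pool"], $sess_data["node"], $sess_data["port"] );
   if( $node_status != "ACTIVE" ) {
      # The owning node is not active: drop the stale cookie so the broker
      # starts a fresh session, let the pool choose any live node, and hand
      # the user name to the response rule via connection data (presumably so
      # it can rebuild the persistence record - verify in that rule).
      $user = $sess_data["user"];
      pool.select( $sess_data["pool"] );
      if( $debug ) { log.info("Node:".$sess_data["node"]." is not Active. Selecting Active Node from the Pool");}
      http.removeCookie("JSESSIONID");
      connection.data.set("uname",$user);
      break;
   } else {
      pool.select( $sess_data["pool"], $sess_data["node"], $sess_data["port"] );
      if( $debug ) { log.info( "Selecting Node: ".$sess_data["node"] ); }
      break;
   }
}

# No usable session record (every branch above ends the rule), so inspect the
# body for the View XML-API handshake.
$body = http.getBody();
if( $debug ) {
   # The login body carries the user's clear-text password; strip it before
   # anything is written to the log, even in debug mode.
   $logged_body = string.regexsub( $body,
                     "password</name><values><value>.*?</value>",
                     "password</name><values><value>[REDACTED]</value>" );
   log.info("Got body:" . $logged_body );
}

# First request of the handshake: answered locally on the broker's behalf.
if( string.endswith( $body, "<get-configuration/></broker>" ) ) {
   sendFirstResponse( $view_info, $debug );
   break;
}

# Second request: the username/password submission.
if( string.regexmatch( $body, "username</name><values><value>(.*?)</value>.*?password</name><values><value>(.*?)</value>" ) ) {
   $user_name = $1;
   $password = $2;

   $user_data = data.get( $user_name );

   # Check if the user_data exists in global namespace and not timedout
   if( lang.isHash( $user_data ) ) {
      $curtime = sys.time();
      if( $curtime < $user_data["timeout"] ) {
         # A live persistence record exists for this user name: route the new
         # login to the same node and retire the old JSESSIONID mapping so the
         # broker's new session replaces it.
         # NOTE(review): $user_name comes straight from the request body and
         # nothing has been authenticated at this point, so any client that
         # knows a user name can trigger this reset (and be routed to that
         # user's node) before the broker rejects its password. Consider
         # deferring the data.set() until the response rule has observed a
         # successful login.
         if( $debug ) { log.info( "Request with Username in table and session not timedout: Resetting previous JSESSIONID" ); }
         connection.data.set( "uname", $user_name );
         data.set( $user_data["sessionid"], "" );
         pool.select( $user_data["pool"], $user_data["node"], $user_data["port"] );
         break;
      } else {
         # Expired record: clear both entries and fall through to the AD lookup.
         if( $debug ) { log.info( "Resetting Persistence Entry as it has timed out" ); }
         data.set( $user_data["sessionid"], "" );
         data.set( $user_name, "" );
         $must_authenticate = true;
      }
   } else {
      # Unknown user name: the site is decided by AD group membership below.
      if( $debug ) { log.info( "Request with Username  NOT in table checked with AD to select group!" ); }
      $must_authenticate = true;
   }
}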


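# ---------------------------------------------------------------------------
# First (or expired) login: ask the configured authenticator for the user's
# AD group membership and choose the site pool from it. Reached only when the
# body parsing above found a username/password pair without a live
# persistence record; $user_name and $password are set there.
# ---------------------------------------------------------------------------
if( $must_authenticate ) {
   $auth = auth.query( $authenticator, $user_name, $password );

   if( !lang.isHash( $auth ) ) {
      # NOTE(review): how auth.query() reports an authenticator error is not
      # visible in this listing; anything that is not a hash is treated as
      # "no answer" and the request is left to the virtual server's default
      # pool. The password itself is deliberately never logged.
      log.warn( "auth.query to ".$authenticator." returned no result for user: ".$user_name );
   } else {
      $group = $auth['memberOf'];

      # NOTE(review): string.contains() is a substring test, so any group whose
      # name merely contains "SITE_B" / "SITE_A" (e.g. "SITE_B_DENIED") also
      # matches; tighten this to the full group CN/DN once the memberOf format
      # returned by this authenticator is confirmed. Site B is tested first,
      # so a user in both groups lands on Site B.
      if( string.contains( $group, "SITE_B" ) ){
         if( $debug ) { log.info( "User: ".$user_name." member of SiteB Users group" );}
         pool.select( $view_siteB_pool );
         connection.data.set( "uname", $user_name );
         break;
      }

      if( string.contains( $group, "SITE_A" ) ) {
         if( $debug ) { log.info( "User: ".$user_name." member of Default SiteA-Users group" ) ;}
         pool.select( $view_siteA_pool );
         connection.data.set("uname", $user_name);
         break;
      }

      # Neither group matched (or the credentials were rejected): no pool is
      # selected here, so the virtual server's default pool handles the
      # request and no "uname" is recorded for the response rule.
      if( $debug ) { log.info( "User: ".$user_name." not in SITE_A or SITE_B group, leaving default pool" ); }
   }
}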




# ---------------------------------------------------------------------------
# sendFirstResponse( $info, $debug )
#
# Answers the View client's initial <get-configuration/> request directly
# from the traffic manager, without forwarding it to any pool, so that the
# client's next request (the username/password submission) reaches this rule
# and can be routed by user. The caller ends the rule right after this call.
#
#   $info  - hash with "guid", "server", "dns" and "domain" (the $view_info
#            declared at the top of the rule)
#   $debug - when true, logs that the fabricated response was sent
#
# NOTE(review): the reply presents the broker GUID and a Kerberos service
# principal built from $info; the client presumably validates these against
# the real Connection Server on later requests, so they must be kept in sync.
# ---------------------------------------------------------------------------
sub sendFirstResponse( $info, $debug )


{


   # Single XML document built by concatenation. The "$@" between "server"
   # and "dns" appears intended to yield the computer-account principal form
   # (e.g. VSS1$@aod-lab.local); verify the emitted <name> against the real
   # broker's configuration rather than assuming interpolation here.
   $first_response = "<?xml version=\"1.0\"?>\n<broker version=\"6.0\">\n<set-locale>\n<result>ok</result>\n</set-locale>\n<configuration>\n<result>ok</result>\n\


<broker-guid>".$info["guid"]."</broker-guid>\n<broker-service-principal>\n<type>kerberos</type>\n<name>".$info["server"]."$@".$info["dns"]."</name>\n\


</broker-service-principal>\n<authentication>\n<screen>\n<name>windows-password</name>\n<params>\n<param>\n<name>domain</name>\n<values>\n\


<value>".$info["domain"]."</value>\n</values>\n</param>\n</params>\n</screen></authentication>\n</configuration>\n</broker>";




      if( $debug ){ log.info( "First request, sending fake response" ); }


      # 200 with the XML body; the last argument adds a custom response
      # header identifying which traffic manager answered.
      http.sendResponse( "200 OK", "text/xml;charset=UTF-8", $first_response, "XFF: STM_SiteA" );




}