Aflex for PeopleSoft application
Posted by ssacchi
Peoplesoft uses some special cookies / javascripts to enable session / log-in tracking. And, it appears that, those only work under secure back-end AND secure-front end. So, basically, configuring client-ssl and server-ssl with some cookie name replacement, cookie value replacement, cookie domain replacement, and url content replacement on the virtual port did the trick. Here is the aflex rule that was used
when RULE_INIT {
set ::domain "virtualtest.ais.example.edu"
set ::orig_domain "cs89prd.ais.example.edu"
set ::cookie_domain ".ais.example.edu"
set ::orig_cookie_domain ".ais.example.edu"
}
when HTTP_REQUEST {
HTTP::header remove "Accept-Encoding"
HTTP::header replace host "$::orig_domain"
if { [string equal "/" [HTTP::uri]] } {
HTTP::redirect "https://$::domain/psp/cs89prd/?cmd=login"
}
set refer [HTTP::header "Referer"]
HTTP::header replace "Referer" [string map "$::domain $::orig_domain"
$refer]
set cookie_number [HTTP::cookie count]
if { $cookie_number > 0 } {
set cookie [split [HTTP::cookie names] " "]
foreach val $cookie {
HTTP::cookie domain $val $::orig_cookie_domain
set content [HTTP::cookie value $val]
HTTP::cookie value $val [HTTP map "$::domain $::orig_domain"
$content]
}
}
}
when HTTP_RESPONSE {
HTTP::header replace Location [string map "$::orig_domain $::domain"
[HTTP::header value Location] ]
set cookie_number [HTTP::cookie count]
if { $cookie_number > 0 } {
set cookie [split [HTTP::cookie names] " "]
foreach val $cookie {
HTTP::cookie domain $val $::cookie_domain
set content [HTTP::cookie value $val]
if { [string match -nocase "*$::orig_domain*" $content] } {
set content [string map "$::orig_domain $::domain" $content]
HTTP::cookie value $val $content
}
if { [string match -nocase "*$::orig_domain*" $val] } {
set newval [string map "$::orig_domain $::domain" $val]
HTTP::cookie insert name $newval value [HTTP::cookie value $val] path [HTTP::cookie path $val] domain $::cookie_domain
}
}
}
if { ([HTTP::header exists "Content-Type"]) && ([HTTP::header "Content-Type"] contains "text") } {
HTTP::collect
}
}
when HTTP_RESPONSE_DATA {
regsub -all -nocase "$::orig_domain" [HTTP::payload] "$::domain" newdata
HTTP::payload replace 0 [HTTP::payload length] $newdata
HTTP::release
}
Peoplesoft uses some special cookies / javascripts to enable session / log-in tracking. And, it appears that, those only work under secure back-end AND secure-front end. So, basically, configuring client-ssl and server-ssl with some cookie name replacement, cookie value replacement, cookie domain replacement, and url content replacement on the virtual port did the trick. Here is the aflex rule that was used
when RULE_INIT {
set ::domain "virtualtest.ais.example.edu"
set ::orig_domain "cs89prd.ais.example.edu"
set ::cookie_domain ".ais.example.edu"
set ::orig_cookie_domain ".ais.example.edu"
}
when HTTP_REQUEST {
HTTP::header remove "Accept-Encoding"
HTTP::header replace host "$::orig_domain"
if { [string equal "/" [HTTP::uri]] } {
HTTP::redirect "https://$::domain/psp/cs89prd/?cmd=login"
}
set refer [HTTP::header "Referer"]
HTTP::header replace "Referer" [string map "$::domain $::orig_domain"
$refer]
set cookie_number [HTTP::cookie count]
if { $cookie_number > 0 } {
set cookie [split [HTTP::cookie names] " "]
foreach val $cookie {
HTTP::cookie domain $val $::orig_cookie_domain
set content [HTTP::cookie value $val]
HTTP::cookie value $val [HTTP map "$::domain $::orig_domain"
$content]
}
}
}
when HTTP_RESPONSE {
HTTP::header replace Location [string map "$::orig_domain $::domain"
[HTTP::header value Location] ]
set cookie_number [HTTP::cookie count]
if { $cookie_number > 0 } {
set cookie [split [HTTP::cookie names] " "]
foreach val $cookie {
HTTP::cookie domain $val $::cookie_domain
set content [HTTP::cookie value $val]
if { [string match -nocase "*$::orig_domain*" $content] } {
set content [string map "$::orig_domain $::domain" $content]
HTTP::cookie value $val $content
}
if { [string match -nocase "*$::orig_domain*" $val] } {
set newval [string map "$::orig_domain $::domain" $val]
HTTP::cookie insert name $newval value [HTTP::cookie value $val] path [HTTP::cookie path $val] domain $::cookie_domain
}
}
}
if { ([HTTP::header exists "Content-Type"]) && ([HTTP::header "Content-Type"] contains "text") } {
HTTP::collect
}
}
when HTTP_RESPONSE_DATA {
regsub -all -nocase "$::orig_domain" [HTTP::payload] "$::domain" newdata
HTTP::payload replace 0 [HTTP::payload length] $newdata
HTTP::release
}
0