For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

InnO's avatar
InnO
Icon for Nimbostratus rankNimbostratus
Dec 03, 2015

APM - Reuse existing current session

Hi,   I have a VIP configured with an APM policy for authentication with an initial login form. There are multiple host names to access this VIP, all with the same domain name. Whenever I am acce...
application delivery
BIG-IP Access Policy Manager (APM)
Stanislas_Piro2's avatar
Stanislas_Piro2
Icon for Cumulonimbus rankCumulonimbus
Dec 03, 2015

Hi,

you have multiple solutions:

  • In the Access Profile SSO Domain tab, define the cookie domain with company.com (it will send the domain=company.com property in the session cookie. the browser will send the cookie for every websites in the domain company.com)
  • In the Access Profile SSO Domain tab, Select Multiple domain cookie and define every hosts which may share the same cookie.
  • If you can define a value defining the user (cookie inserted by the server, ip address, hash of the user-agent and IP...) you can change the session uuid variable to this value and search it in every following request..

the following irule is an example from active sync irule provided by F5.

when HTTP_REQUEST {
    set user_key "something found in the request"
    set apm_cookie_list [ ACCESS::user getsid $user_key ]
    if { [ llength $apm_cookie_list ] != 0 } {
    set apm_cookie [ ACCESS::user getkey [ lindex $apm_cookie_list 0 ] ]
    if { $apm_cookie != "" } {
            HTTP::cookie insert name MRHSession value $apm_cookie
        }
    }
 }

when ACCESS_SESSION_STARTED {
    set user_key "something found in the request"
    if { [ info exists user_key ] } { ACCESS::session data set "session.user.uuid" $user_key }
}