Steve_W_85246
Oct 15, 2014

APM Access Profiles - SSO / Auth Domains - Authentication Domains Cookie (different domains?)

I'm trying to set up SSO between two sites, each with their own Access Policy using the multiple domains selection, so that upon entering the 2nd URL, credentials aren't asked for again. I've gotten this to work when I've set my Authentication Domains Cookie to be named: "domainA.com" on both Access Policies and both sites in question are: site1.domainA.com and site2.domainA.com. No problem, that works fine.

 

My question is what to do when I need that same SSO between sites of different domains. The first URL is still site1.domainA.com, but the second URL is site2.domainB.com. If my Authentication Domains Cookie on both Access Policies is still "domainA.com" it doesn't work... If I add both "domainA.com" and "domainB.com" as cookies on both Access Policies it still doesn't work.

 

Is what I'm trying to do possible? Any help is appreciated. Thanks. Steve.

 

2 Replies

  • Yeah, I had read this page over and over when I was working on this. But I guess I had never really read 4 as clearly as I thought I had.

     

    4. For Primary Authentication URI, type the URI the client is directed to, for example, http://login.com in order to receive an Access Policy Manager session. Each domain that you configure indicates the domain the Access Policy Manager session (established by the primary authentication URI) is bound to.

     

    So, I guess the answer to my question is no. This isn't possible. By indicating what the starting login screen is going to be: login.domainA.com, I've established that my SSO session is valid only for addresses in domainA.com and if I call out to another domain (domainB.com), I will be challenged again.

     

    Does that sound correct?
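
The browser-side cookie rule behind the behaviour described in the question, as an added example that is not part of the original thread and is not F5 code: RFC 6265 domain matching applied to the thread's hostnames. It assumes the cookie domain configured in the access profile is emitted as the session cookie's Domain attribute; `notdomainA.com` and the helper names are constructed for illustration.

```javascript
// Added example, not F5 code. Assumption: the cookie domain configured in the
// access profile is emitted as the Domain attribute of the session cookie.

function isIpLiteral(host) {
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(":");
}

// RFC 6265 section 5.1.3 domain-match: identical, or a suffix match that
// starts on a label boundary, and never for IP addresses.
function domainMatch(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, ""); // leading dot ignored
  if (h === d) return true;
  if (isIpLiteral(h)) return false;
  return h.endsWith("." + d);
}

// The browser applies the rule twice: when deciding whether to store a cookie
// whose Domain attribute was set by `setByHost`, and again on every request.
function cookieVisibility(setByHost, cookieDomain, requestHosts) {
  const accepted = domainMatch(setByHost, cookieDomain);
  const sentTo = {};
  for (const host of requestHosts) {
    sentTo[host] = accepted && domainMatch(host, cookieDomain);
  }
  return { accepted, sentTo };
}

// Hostnames from the thread, plus one constructed look-alike (notdomainA.com)
// to show that a bare string suffix is not enough.
const hosts = ["site1.domainA.com", "site2.domainA.com",
               "site2.domainB.com", "notdomainA.com"];

for (const cookieDomain of ["domainA.com", "domainB.com"]) {
  const v = cookieVisibility("site1.domainA.com", cookieDomain, hosts);
  console.log(`Domain=${cookieDomain} set by site1.domainA.com:`,
              v.accepted ? "stored" : "rejected by the browser");
  for (const [host, sent] of Object.entries(v.sentTo)) {
    console.log(`  ${host}: ${sent ? "cookie sent" : "cookie not sent"}`);
  }
}
```

Browsers additionally refuse Domain values that are public suffixes, which this sketch does not model.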