F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Steve_W_85246's avatar
Steve_W_85246
Icon for Nimbostratus rankNimbostratus
Oct 15, 2014

APM Access Profiles - SSO / Auth Domains - Authentication Domains Cookie (different domains?)

Im trying to setup SSO between two sites each with their own Access Policy using the multiple domains selection, so that upon entering the 2nd URL, credentials arent asked for again. Ive gotten thi...
BIG-IP Access Policy Manager (APM)
design
security
Steve_W_85246's avatar
Steve_W_85246
Icon for Nimbostratus rankNimbostratus
Oct 16, 2014

Yeah, I had read this page over and over when I was working on this. But I guess I had never really read 4 as clear as I thought I had..

 

4._ For Primary Authentication URI, type the URI the client is directed to, for example, http://login.com in order to receive an Access Policy Manager session. Each domain that you configure indicates the domain the Access Policy Manager session (established by the primary authentication URI) is bound to.

 

So, I guess the answer to my question is no. This isnt possible. By indicating what the starting login screen is going to be: login.domainA.com.. Ive established that my SSO session is valid only for addresses in domainA.com and if I call out to another domain (domainB.com), I will be challenged again.

 

Does that sound correct?