For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Vinne73's avatar
Vinne73
Icon for Cirrus rankCirrus
Oct 19, 2015

APM multi domain SSO, incorrect timeout URL

Hi,   I've set up APM with multidomain SSO. Let's say I have a site "service.mydomain.com" and a login URL "login.mydomain.com".   Works fine, I go to service.mydomain.com, I don't have an APM ...
BIG-IP Access Policy Manager (APM)
security
Seth_Cooper's avatar
Seth_Cooper
Icon for Employee rankEmployee
Oct 19, 2015

The SSO_ORIG_URI is going to be consumed by login.mydomain.com and then it is part of the session. When the session timeout hits the session is removed. When you click "start a new session" this is completely independent of the previous request/session and a new request for my.policy happens in the browser. This new request gets a new session id and has no idea about the previous SSO_ORIG_URI so it will stay on the login.mydomain.com resource.

 

I suggest configuring a longer timeout value if this is a problem.

 

Seth