Forum Discussion
APM SSO between multiple virtual servers (single domain)
Hi All,
We are trying to deploy SSO authentication between multiple Virtual Servers. All are related to the same domain (mycorp.com).
We tried to find a correct setup in APM with SSO (Single Domain / Multiple Domain Cookie) but without success. Could you please send me some advice to complete the setup?
VS1: login.mycorp.com
VS2: app1.mycorp.com
VS3: app2.mycorp.com
Here is what we are expecting.
If the end user goes to either VS2 (App1) or VS3 (App2), he will first be redirected to VS1 (Login). There we have an APM profile that will validate the user via SAML / ADFS. Once validated, the end user can access VS2. If the end user tries to go to VS3, he should not be redirected to VS1 (Login), as he is already authenticated.
Is it possible? I'm almost sure it's possible.
If the user closes his browser, I guess there is no way to have a permanent cookie valid for a few days?
Thank you for your recommendation
Regards
Nicolas
Try using the same APM policy for each virtual server. On the "SSO/Auth Domain" tab of the access profile, select single domain and put mycorp.com under domain cookie.
To control how long a user can remain authenticated you'll have to change the timeout values under the access policy "Properties" tab and change the cookie type to persistent under "SSO/Auth Domain".
- ndaems_145583
Nimbostratus
Hi,
Thank you for the update.
I forgot to mention that each VS has multiple FQDNs pointing to it.
Our APM VPE is very basic and uses SAML Auth to an external IdP (ADFS). So F5 is running as SP. We need to be sure that the SAML assertion will be sent back to the correct APM. Due to the multiple FQDNs I'm a bit lost and don't know how to implement this.
Thank you
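As an added illustration (not part of the thread and not F5 code), this Python sketch applies the RFC 6265 domain-matching rule to the hostnames above to show which virtual servers a browser returns the session cookie to when it is scoped to mycorp.com versus left host-only. The hostnames blog.mycorp.com, notmycorp.com and app1.example.net are constructed for the example, and the public-suffix check that browsers also apply is omitted.

```python
# Added example: RFC 6265 cookie scoping applied to the thread's hostnames.
# blog.mycorp.com, notmycorp.com and app1.example.net are constructed hosts.

def domain_match(host: str, cookie_domain: str) -> bool:
    """RFC 6265 5.1.3: identical, or host ends with '.' + cookie domain."""
    host = host.lower()
    cookie_domain = cookie_domain.lower().lstrip(".")
    return host == cookie_domain or host.endswith("." + cookie_domain)

def cookie_sent(host: str, set_by: str, domain_attr=None) -> bool:
    """Would a cookie set by `set_by` be returned by the browser to `host`?"""
    if domain_attr is None:
        # No Domain attribute: host-only cookie, returned to the setter only.
        return host.lower() == set_by.lower()
    # Browsers discard a cookie whose Domain does not cover the setting host.
    if not domain_match(set_by, domain_attr):
        return False
    return domain_match(host, domain_attr)

def sso_coverage(hosts, set_by, domain_attr=None):
    """Map each host to whether it receives the session cookie."""
    return {h: cookie_sent(h, set_by, domain_attr) for h in hosts}

HOSTS = [
    "login.mycorp.com",   # VS1 from the thread
    "app1.mycorp.com",    # VS2 from the thread
    "app2.mycorp.com",    # VS3 from the thread
    "blog.mycorp.com",    # constructed: unrelated subdomain, also gets cookie
    "notmycorp.com",      # constructed: shows the '.' label boundary
    "app1.example.net",   # constructed: alias FQDN outside mycorp.com
]

if __name__ == "__main__":
    for label, dom in (("host-only", None), ("Domain=mycorp.com", "mycorp.com")):
        print(label)
        for host, sent in sso_coverage(HOSTS, "login.mycorp.com", dom).items():
            print(f"  {host:20} {'sent' if sent else 'not sent'}")
```

The domain-scoped cookie reaches every host under mycorp.com, including ones that are not part of the SSO setup, and never reaches an FQDN in another domain.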