For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Stanislas_Piro2's avatar
Stanislas_Piro2
Icon for Cumulonimbus rankCumulonimbus
Aug 12, 2015

you can use multiple domain SSO feature with host and not domains...

 

the difference between both features is:

 

  • with single domain SSO, you authenticate on one of URLs and the cookie is sent to browser for all the domain
    • when the user access every domain web sites, the cookie will be sent even if there is not APM.
  • with multi domains SSO, you define one URL which is the authentication URL (ex : login.company.com)
    • when he user request sharepoint.company.com, he is redirected to https://login.company.com
    • the user authenticate on APM
    • after authentication, the user is redirected to sharepoint.company.com with sharepoint session cookie
    • when a user request exchange.company.com, is is already authenticated

be careful to not define SSO multi domains to test and roll back to single domain... as you can't remove the last multi domain item, it remains in configuration and can generate strange behavior...

 

I did it on one customer site and i needed to remote the last item with tmsh.

 

before testing multi domain profile, clone the profile and activate multi domain on clone.

 

  • Saadat's avatar
    Saadat
    Icon for Nimbostratus rankNimbostratus
    May 20, 2019

    Piron, you saved me a lot of time. I was going back and forth with single and multidomain and was seeing inconsistent results. Thanks