Forum Discussion
alex100_194614
Feb 24, 2016 - Nimbostratus
APM SSO Domain Cookie Issue
Hi all,
I am running into an issue with the SSO domain cookie. Let's say we have several sites which all use SSO for the single domain mycompany.com. So, single sign on works fine between the sites whic...
Josiah_39459
Feb 24, 2016 - Historic F5 Account
Do you have the three hosts defined in the cookie's host list? Are they defined as hosts and not domains?
If you have a domain cookie for mycompany.com, there's no way to prevent it from being sent to mysite.mycompany.com. However, you could add an iRule to mysite.mycompany.com that detects whether an access session is started or not and ignores the cookie appropriately:
--
when HTTP_REQUEST {
    # $static::ACCESS_LOG_PREFIX is assumed to be defined elsewhere (e.g. in RULE_INIT).
    if { [HTTP::cookie exists "MRHSession"] && ([ACCESS::session exists -state_inprogress] || [ACCESS::session data get "session.policy.result"] == "not_started" ) && ! [string equal "[HTTP::uri]" "/my.policy"] } {
        log -noname accesscontrol.local1.err "$static::ACCESS_LOG_PREFIX [IP::remote_addr] access [HTTP::uri] with in_progress session, redirecting to logout URI"
        HTTP::close
        # here you can do whatever you want, easiest option is to simply 302 user to logout URI to delete apm cookie and start over
        HTTP::respond 302 Location "/my.logout.php3"
    }
}
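The cookie scoping behind the reply above, as an added example that is not part of the original post: it applies the RFC 6265 domain-match rule to show why a cookie issued with Domain=mycompany.com reaches mysite.mycompany.com while a host-only cookie does not. The host site1.mycompany.com and the function names are assumptions made for the illustration.

```javascript
// RFC 6265 section 5.1.3 domain-match: the host equals the cookie domain, or it
// ends with "." + domain and is not an IP address.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase().replace(/^\./, "");
  if (host === domain) return true;
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(":");
  return !isIp && host.endsWith("." + domain);
}

// Store a cookie the way a browser does for a Set-Cookie received from originHost.
// With a Domain attribute the cookie covers that domain and all its subdomains;
// without one it is host-only and goes back to the issuing host alone.
function storeCookie(originHost, name, domainAttr) {
  if (domainAttr) {
    // A host may only set a Domain it belongs to; otherwise the cookie is rejected.
    if (!domainMatch(originHost, domainAttr)) return null;
    return { name, domain: domainAttr.replace(/^\./, "").toLowerCase(), hostOnly: false };
  }
  return { name, domain: originHost.toLowerCase(), hostOnly: true };
}

// Names of the cookies in the jar that a browser attaches to a request for host.
function cookiesSentTo(host, jar) {
  const h = host.toLowerCase();
  return jar
    .filter(c => c && (c.hostOnly ? h === c.domain : domainMatch(h, c.domain)))
    .map(c => c.name);
}

// Constructed sample: the same session cookie issued two ways by a hypothetical
// SSO-enabled host, site1.mycompany.com.
const domainJar = [storeCookie("site1.mycompany.com", "MRHSession", "mycompany.com")];
const hostJar = [storeCookie("site1.mycompany.com", "MRHSession", null)];

for (const host of ["site1.mycompany.com", "mysite.mycompany.com", "notmycompany.com"]) {
  console.log(host,
    "| domain cookie:", cookiesSentTo(host, domainJar),
    "| host-only cookie:", cookiesSentTo(host, hostJar));
}
```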