For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

ottleydamian's avatar
ottleydamian
Icon for Cirrus rankCirrus
Dec 26, 2017

APM SSO session disables after one use

I created a Webtop with 2 portal access resources. Each portal access resource has an SSO forms resource associated with it. When I log on and click on either of the portal access links, I'm successf...
apm sso
BIG-IP Access Policy Manager (APM)
security
wonsoo_41223's avatar
wonsoo_41223
Historic F5 Account
Dec 28, 2017

I am not sure what is cause of the issue without log, but one possible issue is SSO successful logon detection. Form-based SSO has successful logon detection field and wrong configuration of this field can cause disabling SSO in the APM session even the SSO is successful.

 

Enable the SSO debug log and review the SSO debug log to find out any SSO failure event.

 

  • ottleydamian's avatar
    ottleydamian
    Icon for Cirrus rankCirrus
    Dec 28, 2017

    Thanks wonsoo,

     

    Since I'm new to APM I didn't know about the great treasure chest of info when debug is turned on. I was just looking at the logs as-is which was just notice level (novice mistake).

     

    I learned that both my Start URI and probably more importantly my Successful logon Detection was not exact. That fixed the issue. Then I noticed that the only resource item in my SSO configs that were actually being used is the '/*' not my attempt for more specific URI path info (not sure why as yet).

     

    The F5 APM class made SSO appear to be so easy. That is why I always wish I could do a class after using the product for a few months so I can ask better questions but it doesn't always work out that way :-(