Can a VIP belong to multiple SSO Multi-domain configurations?

Question

For multi-domain support, is it possible for a VIP to belong in two separate multi-domain configurations? &nbsp;
I have one configuration with the following:&nbsp;
apples.company.com (primary authentication service URL) grannysmith.company.com (participating domain)
Another configuration with the following: &nbsp;
Oranges.company.com (primary authentication service URL) valencia.company.com (participating domain)
Now I want to add a third participating domain, Plants.company.com, to both configurations, so when a user logs into apples.company.com or oranges.company.com, they are automatically allowed into plants.company.com.&nbsp;

amresh008 · Answer

It  looks to be possible. Also, you can also try to change the isolation settings between the domains, in which case you will need to create the vip only once. Another method could be to create another domain and give its access on both of the existing domains.&nbsp;

stan_piron · Answer

Hi, &nbsp;
The problem is how multi domain sso works!&nbsp;
When connecting to grannysmith.company.com, the user is redirected to apples.company.com to request authentication cookie even if user is already authenticated to apples.company.com&nbsp;
So, the multi domain url will be set by the access policy assigned to the vs managing plants.company.com&nbsp;
One solution is to add an irule to force cookie insert to plants when login to apples or oranges.&nbsp;

Forum Discussion

Can a VIP belong to multiple SSO Multi-domain configurations?

2 Replies

AppWorld Berlin 2026 – iRules Contest Winning Results

One Quick Step to Make your website AI-Agent/MCP Ready with an iRule

IPv8 Would Fix My Routing Tables. It Will Never Ship.

Recent Discussions

f5 r5600 appliance issue with adding trunk to vlan

SSL Forward Proxy, iRules and Client Hello

Errors with AS3 3.56.0 with F5 17.5.1.6

F5 ASM/AWAF – violations logged but no learning suggestions generated

F5 VELOS Backplane Inter-Tenants Communication

Related Content

Multiple Ways to Configure Usage Reporting in NGINX

Using n8n To Orchestrate Multiple Agents

Managing iRules configuration

How to configure pool to go down if multiple members are down

F5 BIG-IP Advanced WAF – DOS profile configuration options.

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS