Forum Discussion
NimbostratusCan a VIP belong to multiple SSO Multi-domain configurations?
For multi-domain support, is it possible for a VIP to belong in two separate multi-domain configurations?
I have one configuration with the following:
- apples.company.com (primary authentication service URL)
- grannysmith.company.com (participating domain)
Another configuration with the following:
- Oranges.company.com (primary authentication service URL)
- valencia.company.com (participating domain)
Now I want to add a third participating domain, Plants.company.com, to both configurations, so when a user logs into apples.company.com or oranges.company.com, they are automatically allowed into plants.company.com.
Amresh008It looks to be possible. Also, you can also try to change the isolation settings between the domains, in which case you will need to create the vip only once. Another method could be to create another domain and give its access on both of the existing domains.
Stanislas_Piro2Cumulonimbus
Hi,
The problem is how multi domain sso works!
When connecting to grannysmith.company.com, the user is redirected to apples.company.com to request authentication cookie even if user is already authenticated to apples.company.com
So, the multi domain url will be set by the access policy assigned to the vs managing plants.company.com
One solution is to add an irule to force cookie insert to plants when login to apples or oranges.