Citrix XenApp iApp APM with Storefront - Cross Access Profile SSO
We've deployed the XenApp iApp in the configuration using APM to send traffic to Storefront. When deploying the iApp, I allowed it to create the APM access profile. I have since noticed that SSO between our Webtop AP and our Citrix AP doesn't appear to be working.
The Access Profile SSO Domain Cookie has the same value across both Access Profiles (ex. company.com), but when clicking the Storefront link (Webtop Link - Application URI ex. storefront.company.com) from the webtop, you are redirected to the F5 login page for the Storefront Access Profile.
Has anyone else seen this behavior? Any ideas how to get SSO from the webtop into the Storefront AP working?
I've also noticed that if I log into Storefront first, and open a new browser tab to the webtop, I immediately get a Connection Reset message.
- Fred_Slater_856 (Historic F5 Account): Which iApp template did you deploy? The latest release is f5.citrix_vdi.v2.2.0.
- Nifford (Nimbostratus): We deployed f5.citrix_vdi.v2.1.0, the latest available at that time. If it also helps, we're running Big-IP 11.5.3HF2.
- Greg_Crosby_319 (Historic F5 Account): Can you elaborate a little more on your setup? Cross access profile - do you mean cross domain support, or maybe you are using multiple APMs/APM policies?
- Nifford (Nimbostratus): SSO between different Access Profiles on the same APM instance. So when you log into the webtop and are authenticated through the webtop access profile, you don't have to log in again when clicking the storefront link which sends you to the storefront access profile. And when I reference domain, the base FQDN (company.com) is what's specified for the Domain Cookie value on each Access Profile.
- Greg_Crosby_319 (Historic F5 Account): I would verify the same SSO is being used throughout the configuration; if not, your policies might be using the wrong cached session variables. I would suggest opening a support ticket, probably the fastest route to a solution, as the configuration sounds like it has deviated from an access policy the iApp produces.