Forum Discussion

Cirrus

May 05, 2021

Cors preflight requests problem

I have two different web applications that make requests to domain names other than themselves. For example, x.domain.com makes a request to y.domain.com to retrieve certain data. The user is authent...

application delivery

BIG-IP Access Policy Manager (APM)

Johan_Lång

Cirrus

Hmm, not quite, I think.

Isnt it the client who makes the acctual call to the backend server, y.domain.com?

x.domain.com responds with a 302 to the client with a new location header and the client trying to make a new request to the new location?

In your scenario, x.domain.com makes the acctual request to y.domain.com in the back, right?

But if there is way to accomplish that instead, im in! :) but im not sure how to do that really..

Best regards,

Johan

AlexBCT

Cumulonimbus

May 07, 2021

Ahyes, that's another way indeed - there are many ways in which you can get multiple components from different sources.

In that case, I think this is what you are looking for: https://techdocs.f5.com/en-us/bigip-14-0-0/big-ip-access-policy-manager-authentication-and-single-sign-on-14-0-0/single-sign-on-and-multi-domain-support.html You can configure the APM policy to be working for multiple domains, but only have a single login. Check under the heading "Configuring an access policy for SSO multi-domain support" for the exact instructions.

Basically you tell the policy to look out for requests for any of the following domains. In your case you configure the multi-domains as x.example.com and y.example.com, with probably x.example.com as your main authentication URL. You then attach the same APM policy to both virtual servers (x. and y.) and let the user go to either one. If the user is not logged in yet and goes to y., they will be redirected to the primary authentication URL (x. in the above example) for login, and then get redirected back to y. for the content. If the user first goes to x., they will log in first, then get redirected by the backend to y., which will check over the session details and allows it through without showing the login page again.

Hope this makes sense (..and works! ;)

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Cors preflight requests problem

Recent Discussions

show system - attribute values

Upgrade F5 BIGIP

iRule: Failure to activate payload

APM integrate with Azure Intune

how to whitelist new source IP on F5 web UI access

Related Content

C3D first request problem

Source_Addr Persistence Problems

Logging of DNS Requests and Responses without a DNS license

Problem about Export imformation to Excel

Monitoring Failure OAuth request

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS