Forum Discussion

Nolan_Jensen_23
Jan 17, 2018

Domain Cookie SSO

Hello All,

I am trying to figure out why SSO using a domain cookie is not working for just one of my applications. I am running 12.1.2 and have the domain cookie working for other applications, so I am not sure why this one is not cooperating.

Current configuration: I have a webtop (webtop.test.com) with an application that is not allowing SSO at the moment (app1.test.com).

Webtop.test.com

  • Access policy that uses Logon page > AD Auth > SSO Credential Mapping > Advanced Resource assign
  • Advanced resource assign has portal access, a few SAML, webtop, and webtop links
  • Access Policy is set to Global for Profile Scope
  • SSO/Auth Domains has domain cookie test.com and Secure flag checked

app1.test.com

  • app1.test.com is a virtual server on the BIG-IP
  • Access policy: Logon page > AD Auth > SSO Credential Mapping
  • Access Policy is set to Global for Profile Scope
  • SSO/Auth Domains has domain cookie test.com and Secure flag checked

Issue

When I log in to the webtop and click on the link to app1, I am getting prompted to log in again via the app1 access policy login page.

Troubleshooting

  • I can see using SSO tracer that the cookie that is created when logging in to the webtop is not being used by app1, because it creates a new LastMRH Session ID.
  • I have tried adding Persistent to SSO/Auth Domains.
  • I have another app, app2, that is configured the same way, but this one works as I would expect.
  • If I log in directly to app2, then open a new tab and go to app1, the domain cookie is working, as I am not prompted to log in again.
  • I have enabled debug on the webtop and app1, but the APM log doesn't show anything useful for app1 since it doesn't log in.
  • I have tested on Chrome, Firefox, Edge and IE11; all have the same issue for SSO to app1 from the webtop.

Any ideas would be greatly appreciated.

Thanks
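
For readers troubleshooting a similar setup, the following added example (not part of the original post, and not F5 code) evaluates the RFC 6265 domain-match and Secure rules to show which request URLs a browser would attach a domain cookie to. The cookie attributes mirror the post (domain test.com, Secure checked); the request URLs, the function names, and the assumption of cookie path "/" are constructed for illustration.

```javascript
// Added example: RFC 6265 scope check for a domain cookie.
// Cookie attributes mirror the post (domain test.com, Secure flag checked).
// The request URLs are constructed samples; cookie path is assumed to be "/".

// RFC 6265 section 5.1.3: the host matches if it is identical to the cookie
// domain, or if it ends with "." + cookie domain and is not an IP address.
function domainMatch(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, "");
  if (h === d) return true;
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(h) || h.includes(":");
  return !isIp && h.endsWith("." + d);
}

// Decide whether the cookie accompanies one request, and say why.
function cookieSent(cookie, requestUrl) {
  const u = new URL(requestUrl);
  if (!domainMatch(u.hostname, cookie.domain)) {
    return { sent: false, reason: "host outside cookie domain" };
  }
  if (cookie.secure && u.protocol !== "https:") {
    return { sent: false, reason: "Secure cookie, non-HTTPS request" };
  }
  return { sent: true, reason: "domain and scheme match" };
}

const domainCookie = { domain: "test.com", secure: true };

// Constructed request URLs covering each outcome.
const sampleUrls = [
  "https://webtop.test.com/",
  "https://app1.test.com/",
  "http://app1.test.com/",
  "https://app1.test.com.example.net/",
  "https://app1.corp.local/",
];

function report(cookie, urls) {
  return urls.map((url) => ({ url, ...cookieSent(cookie, url) }));
}

for (const r of report(domainCookie, sampleUrls)) {
  console.log(`${r.sent ? "SENT    " : "WITHHELD"} ${r.url} (${r.reason})`);
}
```

Comparing this output with the scheme and host of the actual request seen in a browser's network tab shows whether the cookie was in scope for that request at all.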