Domain Cookie SSO

Hello All,

 

I am trying to figure out why sso using a domain cookie is not working for just one of my applications. I am running 12.1.2 and have domain cookie working for other applications so not sure why this one is not cooperating.

 

Current configuration I have a webtop (webtop.test.com) with application that is not allowing SSO at the moment (app1.test.com)

 

Webtop.test.com

 

• Access policy that uses Logon page > AD Auth > SSO Credential Mapping > Advanced Resource assign
• Advanced resource assign has portal access, few SAML, webtop, and webtop links
• Access Policy is set to Global for Profile Scope
• SSO/Auth Domains has domain cookie test.com and Secure flag checked

app1.test.com

 

• textapp1.test.com is a virtual server on the BIGIP
• access policy Logon page > AD Auth > SSO Credential Mapping
• Access Policy is set to Global for Profile Scope
• SSO/Auth Domains has domain cookie test.com and Secure flag checked

Issue

 

When I login to the webtop and click on the link to app1 I am getting prompted to login again via the app1 access policy login page.

 

Troubleshooting

 

• I can see using sso tracer that the cookie that is created when logging in to webtop is not being used by app1 because it creates a new LastMRH Session id.
• I have tried to add persistent to sso/Auth domains
• I have another app app2 that is configured the same way but this one works as I would expect.
• If I login directly to app2 then open a new tab and go to app1 domain cookie is working as I am not prompted to login again.
• I have enabled debug on webtop and app1 but the apm log doesn't show anything useful for app1 since it doesn't login.
• I have tested on Chrome, Firefox, Edge and IE11 all have same issue for sso to app1 from webtop.

Any ideas would be greatly appreciated.

 

Thanks