Forum Discussion
Slayer001
Cirrus
CirrusF5 APM SAML skip MFA for X days
We have a single sign-on setup that works with SAMLv2 where F5 APM is the Idp and authentication is done via MFA. This works for single sign-on within the same browsing session. If a user connects to...
Slayer001Cirrus
CirrusHi Niels, Thanks for your answer.
Can you elaborate a bit on why we need multi-domain SSO? We now work with SAML resources in an VPE flow. Is the multi-domain SSO really necessary as SSO is working at the moment?
You mention the IP address but that can change for the same device (e.g using mobile data / wifi). I was thinking about the username, user-agent and something device specific but don't know what to use for that as the user-agent can be the same for multiple devices using the same browser and OS.
Do you perhaps have an example somewhere on how to create the encrypted temporary cookie with a hash value in an iRule?
