F5 primary authentication URI - Session Expired issue
The F5 Guide for SharePoint 2013 says:
"F5’s APM and AAM modules also support the deployment of host-named site collections. When deploying the SharePoint iApp, you must enter each site collection FQDN in the "What FQDNs will clients use to access the servers?" question of the template. When accessing the web application via BIG-IP APM, the client will be redirected to the primary authentication URI, which is the first host entered in the FQDNs table. After authentication, BIG-IP APM redirects the client to the original request URI."
This works when logging in; however, I am finding that if my session expires and you then click "new session", it directs you to log in to the primary authentication URI (not the site one was logged into), and if you don't have permissions to that primary authentication URI site then you get an access denied message. Moreover, if you do have access to the primary authentication URI site, you log in to the primary authentication URI site, which may not be the site you wanted to log in to.
Example:
I request apple.contoso.com
F5 redirects me to the primary authentication URI login.contoso.com
I log in
F5 redirects me back to apple.contoso.com
I go for lunch and come back only to find my session has expired and the F5 page displaying
I click "new session" and it goes back to login.contoso.com
I log in but get access denied because I do not have access to the login.contoso.com site (or, if I have permissions to the login.contoso.com site, it logs me into that site and not apple.contoso.com, the site I was originally on).
Does this make sense? Is this by design or have we configured something incorrectly?
Any help appreciated.