Forum Discussion
How to get SSO information from 1 vcmp to another
Hi
My setup: I have a cluster of 2 nodes called vcmp1.
On here I have 2 VS:
login (SAML IdP)
auth (SAML SP and an OAuth server)
I have a vcmp2 cluster and it has a VS:
test - it uses an OAuth client - so it links back to auth and auth to login
What this means is people log into the login server - think username and password.
I can get the username to transfer from login -> oauth -> test using SAML and a claim for userid in the OAuth token.
But I don't want to put the password in there - even if it's encrypted (do others do this? It just seems bad).
On the test VS I need the user's password to log into a backend app that doesn't take OAuth or SAML (think Atlassian server).
My understanding is I can extend an APM session from 1 vcmp to another (bigip to another).
I was thinking to do a sideband call to login, filter that to only be allowed to be called by the F5s, and grab an encrypted password that way.
So:
The client calls test/uriForJira
In an iRule, if I don't have a password, I 302 to login/getMySession
login/getMySession returns via 302 to, say, test/uriForJira?MySession=<sessionid - basically MRHSession>
Then vcmp2 makes a sideband call to login/FROMVCMP2?MRHSession - which would return the password encrypted with AES 256.
Does that seem reasonable?
Do I do it in iRules or iRules LX (Node.js)?
Or is there another way to do this?
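Added example, not part of the thread and not F5 code: a Node.js sketch of the "password encrypted with AES 256" sideband reply from the question, sealed on the login side and opened on the test side. It assumes AES-256-GCM (the post names only AES 256), a 32-byte key already shared by both clusters, and hypothetical function names; binding the blob to the session id and a short freshness window means a captured reply cannot be reused for another session or later on.

```javascript
// Added example: function names, the freshness window and all sample values are assumptions.
const crypto = require('crypto');

const MAX_AGE_MS = 30000; // assumed freshness window for a sideband reply
const GCM = { authTagLength: 16 };

// Login side. Output layout (base64): iv(12) | tag(16) | ciphertext.
function sealCredential(key, sessionId, password, now = Date.now()) {
  const iv = crypto.randomBytes(12); // fresh nonce per reply, never reused with the same key
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv, GCM);
  cipher.setAAD(Buffer.from(sessionId, 'utf8')); // bind the blob to this session id
  const body = JSON.stringify({ iat: now, pw: password });
  const ct = Buffer.concat([cipher.update(body, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Test side. Returns the password, or null on any failure.
function openCredential(key, sessionId, blob, now = Date.now()) {
  const raw = Buffer.from(blob, 'base64');
  if (raw.length < 28) return null; // too short to hold iv + tag
  try {
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12), GCM);
    decipher.setAAD(Buffer.from(sessionId, 'utf8'));
    decipher.setAuthTag(raw.subarray(12, 28));
    // final() throws if the key, session id or ciphertext does not match the tag
    const body = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    const { iat, pw } = JSON.parse(body.toString('utf8'));
    if (typeof iat !== 'number' || Math.abs(now - iat) > MAX_AGE_MS) return null;
    return typeof pw === 'string' ? pw : null;
  } catch (err) {
    return null;
  }
}
```
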
Are you syncing APM policies across the 2 F5 instances?
- AlexS_ybCirrocumulus
Hi
Sorry, not well described on my part.
So I have a cluster - A/P a-vcmp1 & b-vcmp1
I have those syncing
Then I have another cluster, another A/P
a-vcmp2 & b-vcmp2; those are syncing
I wanted multidomain SSO capabilities
So let's say the login & auth VS exist on the vcmp1 cluster
and I have the test VS on vcmp2
I would like to have the SSO capability of logging into login and then, with those credentials, logging into test
I have that right now but using OAuth between test and auth and using auth as an SP and login as an IdP
But I thought I would recheck to see if there was a way to just use MRHSession for my domain and basically get the APM session table replicated between cluster vcmp1 & vcmp2