Forum Discussion
Nifford
Nimbostratus
NimbostratusIs SSO from LTM+APM VS to Webtop w/Advanced Resource Assignment possible?
Hello,
I am attempting to get SSO working between Access Profiles and I have hit a road block. Here is the behavior I am experiencing (as summarized by support):
1) Client connects to LTM+APM VS...
Unfortunately APM always uses the same session cookie name.
And for IdP configuration, you must run the access policy from an SP auth request.
I can think of two solutions:
1- you can assign the SAML SP resource to your users webtop. Then users can start it be having them click a link, and IdP will work. You can catch an authentication request in an Irule and transform it into an assertion (just redirect the user to the same URI as the resource click from the full webtop) also this way.
2- use multidomain mode but exclude your IDP vip's hostname.
NiffordNimbostratus
NimbostratusThanks for your response.
I just tried multidomain mode for the LTM+APM VS (NTLM AP). Unfortunately I still receive the same error message I was.
When looking at my browser cookies, I see two MRHSession and two LastMRHSession cookies. One set is for sharepoint.company.com, and the other is for company.com. But in the multidomain settings, company.com isn't used. The primary Auth URI is https://sso.company.com.
Any ideas why that would be happening?
Thanks.