For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

rbmcnicholas's avatar
rbmcnicholas
Icon for Nimbostratus rankNimbostratus
Apr 17, 2019

Multiple Domain Authentication SSO Doesn't work with Domain Cookie

Hello. I have an implementation where we have three virtual servers on one Big IP VE. The first virtual server is webtop.domain.com where the user first authenticates to and is presented with webtop links to the second virtual servers, app1.domain.com and app2.domain.com. Each virtual server has the same APM Profile attached, with a Global scope and Mutliple Domain Auth. Previously, I had each virtual server using the public IPs as the hostname. IE, users would go to 1.1.1.1 for webtop, 2.2.2.2 for app1, and 3.3.3.3 for app2. I had assigned a Cookie for each hostname and the SSO worked flawlessly. After navigating to the webtop and clicking the webtop links, the user would be sent to the applications without having to go through the APM access policy again.

 

Now, I have the actual domain names registered with DNS. I have tried using Single Domain and Multiple Domain with the domain.com cookie set. Each time the user clicks the webtop link, they get sent back to the Access Policy of webtop.domain.com. Even when I put the Cookie for each hostname (webtop.domain.com, app1.domain.com, and app2.domain.com) in the SSO/Auth settings, I get the same result.

 

How can I prevent the users from being prompted to reauthenticate and share the session variables across Virtual Servers using the same domain name, like I was successfully doing for the public IPs of the Virtual Servers?

 

Thank you!

 

No RepliesBe the first to reply