Forum Discussion

RecontuerSG_258's avatar
RecontuerSG_258
Historic F5 Account
Apr 30, 2017

Multiple Layered Virtual Servers - Each different SSO method

Dear all, I have configured layered virtual servers to have SSO for full network access users coming in from mobile devices. A webtop is not feasible in my deployment scenario.

 

The layered virtual server has source = 10.1.152.0/24 destination = 10.0.0.0/8 This virtual server has an SSO access policy profile configured for ntlm SSO.

 

However, there is a particular site that uses HTTP Basic. So I'd created another layered VS: source = 10.1.152.0/24 destination = 10.x.x.x/32

 

Traffic will ALWAYS flow through virtual server configured with NTLM SSO even if I browse to that HTTP Basic site.

 

Is there a way to have multiple layered VS and each has a different SSO?

 

Thank you!

 

  • Hi,

    The VS with greater mask length must match and not the other one. there may be a configuration error.

    you can also change SSO profile with an irule :

    when ACCESS_ACL_ALLOWED {
        if {([IP::addr [IP::local_addr]/32 equals 10.1.2.3])} {
            WEBSSO::select /Common/sso_basic
        }
    }
    
  • RecontuerSG_258's avatar
    RecontuerSG_258
    Historic F5 Account

    Thanks Kevin and Stanislas. Source 10.1.152.0/24 is an internal IP pool used to assigned to authenticated mobile users via the APM login page.

     

  • Just above destination...

     

    You can create multiple vs with same destination but with different sources.

     

  • What does "source" mean in the description above? Where are you configuring this on the virtual server.