Forum Discussion
Marvin
Cirrocumulus
CirrocumulusMultiple SAML SP access profile MRH cookie issue
Dear all, I am trying to configure the F5 Big IP as both SP and IDP using seperate access profiles configured on scope level profile (isolated). The IDP will then assure the SSO across all the SP...
MarvinCirrocumulus
CirrocumulusGood comparison is domain cookie (domain in cookie response v16) vs host cookie (full host name in v15.1 no domain specified)
https://medium.com/datamindedbe/a-summary-of-cookies-645beed9fd9
Host-only cookies match domains that exactly correspond with the domain attribute of the cookie. When setting cookies server-side, host-only is the default in the sense that cookies are host-only unless you specify a cookie’s Domain-attribute; the domain of such cookies is derived from the Host request header. (typically the behavior in vesrion 15.1 and not in 16)
MarvinCirrocumulus
Cirrocumulusit seems that if the access profile was configured with the domain value in SSO and later removed it will still be working on domain level (*.example.com), to solve this remove the access profile and recreate it then by default it is host cookie (weird but truth)