Forum Discussion
Multiple SSO in a Portal
Hi kj07208,
Thank you for the answer. I spent a bit of time trying different techniques. I'll just give a brief summary as it might help people facing similar issues (sorry if it appears a bit messy).
- SAML ended up not matching my needs (reminder: I have different web applications based on Spring Security. Authentication is made through a form POST request. My webapps have different form actions and parameters. I wanted to keep these applications untouched, so no SAML here).
- I then explored the 'Portal Access' functionality. On paper, this matched my needs (you create a Webtop, or a webapp can play this 'portal' role, you define resource items, you can assign specific SSO, ...), but in practice it takes too much control over your app (especially the patching; I ended up not being able to use relative URLs).
- Finally, I realized that what I needed was really a reverse proxy and I went back to the iRules way. I created a pool and an SSO HTTP form for each webapp. Then, I set a rule like:
    when HTTP_REQUEST {
        if { [HTTP::path] equals "/" } {
            # root context redirects to /webapp-portal
            HTTP::redirect "/webapp-portal/"
        } elseif { [string tolower [HTTP::path]] starts_with "/webapp-portal/" } {
            pool webapp-portal-pool
            # The login path also matches the prefix test above, so its SSO
            # configuration is selected inside this branch; as a later elseif
            # it would never be reached.
            if { [HTTP::path] eq "/webapp-portal/login" } {
                WEBSSO::select sso-for-webapp-portal
            }
        } elseif { [string tolower [HTTP::path]] starts_with "/webapp1/" || [HTTP::path] eq "/webapp1" } {
            pool pool-webapp1
            # Same reasoning for the sign-in path of webapp1.
            if { [HTTP::path] eq "/webapp1/signin" } {
                WEBSSO::select sso-for-webapp1
            }
        }
    }
I'm still a newbie on BIG-IP so I'm sure this is not best practice, but it helped me unblock some situations...
Hoping this can help someone,
David
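A small Python model of first-match if/elseif path routing of the kind used in the post, added here as an example (not part of the original post and not F5 code). The rule tables and action labels are constructed; it shows that an exact-path branch placed after a broader prefix branch never runs, and that lower-casing only the prefix test lets a mixed-case login path get the pool without the SSO selection.

```python
# Added example: first-match routing model. Rule tables are constructed.

def matches(rule, path):
    """Apply one rule's test: ('eq' | 'prefix', pattern, fold_case)."""
    kind, pattern, fold_case = rule["match"]
    candidate = path.lower() if fold_case else path
    if kind == "eq":
        return candidate == pattern
    return candidate.startswith(pattern)

def dispatch(rules, path):
    """Return the action of the first matching rule, like an if/elseif chain."""
    for rule in rules:
        if matches(rule, path):
            return rule["action"]
    return None

def shadowed(rules):
    """Return (unreachable_action, shadowing_action) for each exact-match
    rule whose own path is already caught by an earlier rule."""
    hits = []
    for i, rule in enumerate(rules):
        kind, pattern, _ = rule["match"]
        if kind != "eq":
            continue
        for earlier in rules[:i]:
            if matches(earlier, pattern):
                hits.append((rule["action"], earlier["action"]))
                break
    return hits

# Constructed chain: the SSO branch comes after the broader prefix branch.
SHADOWING = [
    {"match": ("eq", "/", False), "action": "redirect"},
    {"match": ("prefix", "/webapp-portal/", True), "action": "pool:portal"},
    {"match": ("eq", "/webapp-portal/login", False), "action": "sso:portal"},
]

# Constructed chain: the specific path is tested first and sets both.
ORDERED = [
    {"match": ("eq", "/", False), "action": "redirect"},
    {"match": ("eq", "/webapp-portal/login", False),
     "action": "pool:portal+sso:portal"},
    {"match": ("prefix", "/webapp-portal/", True), "action": "pool:portal"},
]

if __name__ == "__main__":
    for name, chain in (("shadowing", SHADOWING), ("ordered", ORDERED)):
        print(name, dispatch(chain, "/webapp-portal/login"), shadowed(chain))
```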