Forum Discussion

Cirrus

May 17, 2012

One APM session, Multiple VIPS

Hello, I have what I hope is an easy question but in my testing I haven't been able to find a solution. Accross all my virtuals I want maintain a single APM session. One VIP...

config

design

Kevin_Stewart

Employee

Aug 21, 2013

Still sounds like SAML. ;)

You'd basically have n+1 VIPs: one VIP is the "IdP" - the one responsible for requesting client cert, and then separate "SP" VIPs for each application. A user accesses an app VIP the first time, gets redirected to the IdP for cert authentication, and that VIP redirects back to the SP with an assertion that can contain arbitrary information that the SP's policy can use for additional evaluation (queries, SSO, etc.). When the user accesses a different app VIP, they're again redirected to the IdP, but this time they have an existing session so it's immediately redirected back with appropriate assertion without re-challenging the user.

Does that sound like it'll work for you?

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

One APM session, Multiple VIPS

Recent Discussions

how to whitelist new source IP on F5 web UI access

F5 to read a combined CRL file

Upgrade F5 BIGIP

ISP Load Balancing, SNAT pool instead of Automap link self-ip, anyway to do health check ?

MAC address of deleted VS IP address still responsive

Related Content

Agility sessions announced

Will a port specific VIP override an ANY VIP?

single slot multiple core vs multiple slot single core

Multiple AD Authentication

Multiple CE nodes in vmware?

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS