Forum Discussion
Micah_Haarbrink
Nimbostratus
NimbostratusSAML Cookie Persistence after browser/system restart and across service providers
I am fairly new to the F5 world and in the beginning of setting up our LTM's as SAML IdP's for a variety of services. Our first use-case is Jive, which we have working and all the attributes are pul...
Micah_HaarbrinkNimbostratus
NimbostratusHere is the rule. We apply this to each Virtual Server we create that has an SSO policy associated with it and in the SSO/Auth Domains section of the Access Policy put the same parent domain in the domain cookie field.
So we have auth.mycompany.com for one IdP, auth2.mycompany.com for another and each of those has it's own Access Policy and Virtual Server. Then they both have mycompany.com in the SSO/Auth Domains section of each of those Access Policies.
Oh and the session timer is stupid long because currently marketing is requiring that sessions remain active for 7 days. We'll see how long that lasts before it causes problems =/
when CLIENT_ACCEPTED {
ACCESS::restrict_irule_events disable
}
when HTTP_RESPONSE_RELEASE {
HTTP::cookie expires MRHSession 604800
HTTP::cookie expires LastMRH_Session 604800
}