F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Micah_Haarbrink's avatar
Micah_Haarbrink
Icon for Nimbostratus rankNimbostratus
Jan 09, 2014

SAML Cookie Persistence after browser/system restart and across service providers

I am fairly new to the F5 world and in the beginning of setting up our LTM's as SAML IdP's for a variety of services. Our first use-case is Jive, which we have working and all the attributes are pul...
cookie
design
saml
security
SSO
Rabbit23_116296's avatar
Rabbit23_116296
Icon for Nimbostratus rankNimbostratus
Feb 03, 2014

Hi Micah

 

I have tested the above and I wanted to know what do you managed to achieve with the above? We have a service provider that has a short cookie and or saml session validity that constantly redirects users back to our idp. We want to work around this.

 

Does this provide a cookie authentication mechanism to the idp which does not require the user to re-enter credentials?

 

  • Micah_Haarbrink's avatar
    Micah_Haarbrink
    Icon for Nimbostratus rankNimbostratus
    Feb 05, 2014
    This applies an expiration to the cookies that the F5 establishes. The number after MRHSession and LastMRH_Session is the number of seconds the cookie is good for. Without this iRule, the cookies were just left as a session cookie and would disappear when we closed the browser or restarted the system. Now the cookie stays valid on the system for that long. If the SP sends back an authentication request, the user hits the F5 logon page, the cookie is checked and if it's still good just sends the user back to the SP.