Forum Discussion
Micah_Haarbrink
Nimbostratus
NimbostratusSAML Cookie Persistence after browser/system restart and across service providers
I am fairly new to the F5 world and in the beginning of setting up our LTM's as SAML IdP's for a variety of services. Our first use-case is Jive, which we have working and all the attributes are pul...
Rabbit23_116296Nimbostratus
NimbostratusThat's exactly what i have been trying to achieve. So under SSO auth settings which options do you use to set the cookie? Secure and persistent tick boxes? And then you just bind the irule to the virtual server?
Sorry for all the questions. Been trying to get this to work..
Micah_HaarbrinkNimbostratus
NimbostratusYep, I check both of those. I set the domain cookie as the parent domain (I have multiple Access Porifles sharing that cookie). I also set the Maximum Session Timeout to match the number of seconds in the iRule. The contractor I was working with suggested matching those, but I'm not sure if it's technically a requirement. We had a hard date to go live so I've been dealing with go-live issues and haven't been able to test and break additional policies to verify the bits and pieces that matter most.
So essentially I have
Virtual Server A
Access Policy A
Maximum Session Timeout (set to X seconds)
SSO/Auth Domain Cookie set to parentdomain.com
Secure checked
Persistent checked
Presistent iRule (set to X seconds)
Virtual Server B
Presistent iRule (set to X seconds)
Access Policy B
Maximum Session Timeout (set to X seconds)
SSO/Auth Domain Cookie set to parentdomain.com
Secure checked
Persistent checked