For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Micah_Haarbrink's avatar
Micah_Haarbrink
Icon for Nimbostratus rankNimbostratus
Jan 10, 2014

SAML Cookie Persistence after browser/system restart and across service providers

I am fairly new to the F5 world and in the beginning of setting up our LTM's as SAML IdP's for a variety of services. Our first use-case is Jive, which we have working and all the attributes are pul...
cookie
design
saml
security
SSO
Rabbit23_116296's avatar
Rabbit23_116296
Icon for Nimbostratus rankNimbostratus
Feb 06, 2014

Thanks I'll test this today.

 

We use our Idps in a similar way, we have our a VS fpr each idp. i.e. dropbox.company.com and google.company.com. I have setup dropbox with a redirect irule "ACCESS::respond 302 Location https://dropbox.company.com/saml/idp/res?id=/SSO/dropbox"

 

So from my understanding the cookie should now be set for requests coming to dropbox.company.com - and subsequent service provider samlrequests should not challenge my idp for creds as I should pass the cookie header. Is your solution tested for IDP initiated SAML logon or is this something you don't use? Reason is, after implementing, when I close my browser and go back to my idp dropbox.company.com it presents me with the same logon form.