Share access cookie
So I have a webtop that has all the portal resources/webtop links and SAML resources working just fine. The virtual, of course, needs a rewrite profile for the portal resources. This is called, for argument's sake, webtop.company.com.
What I do want, however, is for the links / access to these sites to work exactly the same, i.e. the relative URIs must stay intact and one access policy must control access to all *.company.com sites. What I find is that if the session.server.network.name / [HTTP::host] changes, it insists on creating a new access policy session. I want to stop this.
I have got this to work for a non-webtop APM enabled virtual with an access policy that has a .company.com single domain cookie that sends, say, websitea.company.com to a pool with various settings. If I logged in to the persists across all the services. Really happy and this is what I want, but what I am trying to do is get this to work on the same virtual as the webtop. Is what I'm trying to do possible? What I want is that if someone already has an APM session, they will go directly to the full HTTP link of a specific site.
Here's the iRule on the non-webtop virtual that works a treat:
when ACCESS_ACL_ALLOWED {
    log local0.notice "WHEN ACCESS_ACL_ALLOWED: [HTTP::host] URI: [HTTP::uri]"
    # Route by requested host; each branch picks a pool and an SSO configuration
    switch -glob [string tolower [HTTP::host]] {
        "jira.company.com" {
            log local0.notice "jira found papa HOST: [HTTP::host] URI: [HTTP::uri]"
            COMPRESS::disable
            set http_path [HTTP::path]
            pool /CorpWeb/jira.company.com_int.app/jira.company.com_int_pool
            WEBSSO::select /SSO/sso-basic
            switch -glob [string tolower [HTTP::uri]] {
                "/" {
                    # Send a GET for the site root to the Jira dashboard
                    if {[HTTP::method] equals "GET"} {
                        log local0.notice "In Jira root and the method is a [HTTP::method] : [HTTP::host] with URI [HTTP::uri]"
                        HTTP::uri "/jira/secure/Dashboard.jspa?os_authType=basic"
                    }
                    log local0.notice "original path"
                }
            }
        }
        "wiki.company.com" {
            pool /CorpWeb/wiki.company.com_int.app/wiki.company.com_int_pool
            WEBSSO::select /SSO/wiki-forms
        }
        "office.company.com" {
            pool /SSO/apm.office.company.com.app/apm.office.company.com_pool
            WEBSSO::select /SSO/sso-basic
        }
        default {
            # As posted; presumably stands in for selecting the virtual server's default pool
            default_pool
            WEBSSO::disable
        }
    }
}
- Rabbit23_116296Nimbostratus
So with this iRule, service wiki, office and jira will go directly through with the .company.com domain cookie. How can I get this to work on the same virtual/listener that has the webtop configured is what I'm asking?
- Stanislas_Piro2Cumulonimbus
Did you configure the cookie domain of the Access policy with company.com?
The session cookie will be sent to the user with domain company.com and the browser will send it for every URL of domain company.com.
The other solution is to use multiple domain cookies.
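Added example, not part of the thread or of any poster's reply: a small model of RFC 6265 domain matching that shows why a session cookie issued with `Domain=.company.com` is sent to every *.company.com host, while a cookie without a Domain attribute stays on webtop.company.com. The cookie name and value are constructed and the hostnames are the ones used in the thread; public-suffix rejection and Path/Secure matching are not modelled.

```javascript
// RFC 6265 section 5.1.3: does the request host domain-match the cookie domain?
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  return host === domain || host.endsWith('.' + domain);
}

// Store a cookie the way a browser would after a Set-Cookie from originHost.
// Returns null when the Domain attribute does not cover the host that set it.
function storeCookie(originHost, setCookie) {
  const [pair, ...attrs] = setCookie.split(';').map(s => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1),
                   domain: originHost.toLowerCase(), hostOnly: true };
  for (const attr of attrs) {
    const [k, v = ''] = attr.split('=');
    if (k.trim().toLowerCase() === 'domain' && v.trim() !== '') {
      const d = v.trim().replace(/^\./, '').toLowerCase(); // leading dot is ignored
      if (!domainMatch(originHost, d)) return null;        // browser rejects it
      cookie.domain = d;
      cookie.hostOnly = false;
    }
  }
  return cookie;
}

// Would the browser attach this cookie to a request for host?
function isSentTo(cookie, host) {
  return cookie.hostOnly ? host.toLowerCase() === cookie.domain
                         : domainMatch(host, cookie.domain);
}

// Constructed sample: the same session cookie with and without a Domain attribute.
const hostOnly = storeCookie('webtop.company.com', 'SESSION=abc123; Path=/; Secure');
const shared = storeCookie('webtop.company.com',
                           'SESSION=abc123; Domain=.company.com; Path=/; Secure');

const hosts = ['webtop.company.com', 'jira.company.com', 'wiki.company.com',
               'company.com.example.net'];
for (const host of hosts) {
  console.log(host.padEnd(26), 'host-only:', isSentTo(hostOnly, host),
              ' domain cookie:', isSentTo(shared, host));
}
```

The domain-scoped cookie also goes to every other host under company.com, so each of those hosts receives the session cookie.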
- kunjanNimbostratus
Have you tried setting cookie name "company.com" in the AP configuration? That will share the cookie across.
- Rabbit23_116296Nimbostratus
Yes, I've set it as ".company.com" - problem is when I try to access another virtual server (different access policy too), then F5 gets nasty and rejects the session because of an invalid session ID.
- Stanislas_Piro2Cumulonimbus
The other way is to define multi domain SSO...
- Stanislas_Piro2Cumulonimbus
In multi domain configuration, you can specify either hosts or domain cookies.
You can specify a cookie for a.company.com and b.company.com.