Forum Discussion

Nimbostratus

Nov 18, 2022

Share session multiple VPE

I have two VPE * VPE1 ( multiple oauth apps with SSO) - VirtualServer1 * VPE2 (multipe saml apps with SSO) - VirtualServer2 customers need to access applications from both VPEs. Is it possible ...

application delivery

Share session

Scot_JC

Employee

Nov 19, 2022

Hi,

One first option would be with experimenting with the "Profile Scope", and to pay attention to any negative side effects, especially if we also have VPE3, VPE4 and so on. Do you mind me asking "why having/keeping 2 separate VPE?" Some kind of legacy? Do they both authenticate users within the same domain/realm (I mean: if user1 is authenticated to VPE1/domain1, does that mean we have some kind of "trust" with VPE2/domain2"? I mean: user1 is authenticated to VPE1/domain1: does that mean SSO2 should be using username/credentials from domain1 to connect to app from domain2) Should this apply to all users? Do the FQDNs for VIP1 and VIP2 belong to the same domain? (sorry for the burst of questions, here;))

ruancarloss
Nimbostratus
Nov 19, 2022
both vpe authenticate to same AD, with same fqdn.

the reason for having two vpe is to keep oauth policies (oauth_profile) separate from the others.

I had already configured the profile scope as global, but apparently it doesn't work as expected. when calling applications from another vpe it requires login.

That's exactly the idea... Users authenticated in vpe1 somehow perform auth/SSO when calling applications from vpe2, that is, without calling a new authentication.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Share session multiple VPE

Tyler - May 2026 Featured Member

AppWorld Berlin 2026 – iRules Contest Winning Results

One Quick Step to Make your website AI-Agent/MCP Ready with an iRule

Recent Discussions

F5 Send email and snmp trap from LTM log event

shame on f5

Dynamic import of data groups

ASM allow specific url from outside country of geolocation ON

AWAF Detection Inconsistency Between Similar Test Payloads

Related Content

F5 Architecture Track Sessions - AppWorld 2026

Using n8n To Orchestrate Multiple Agents

The Blind Spot in Cloud WAF Architectures: Shared IPs and the Origin Bypass Problem

F5 Per-App AS3 Part 1 How Share Tenant specific object

MCP Session Affinity With F5 NGINX Plus

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS