Forum Discussion
SSO - multiple virtual servers
I managed to get this working with the following method.
I have 3 virtual servers - main.company.com - app1.company.com - NTLM SSO - app2.company.com - FORMS SSO
I wanted users to only have to authenticate once no matter which one they went to.
I configured a main access policy for main.company.com put all my client checks, logon page to capture username and password etc in that one and had a resource assign which gave me web top links to app1.company.com and app2.company.com.
On the app1.company.com and app2.company.com I also created a new access policy for each virtual server. I didn't put anything in the access policy, it just ends in a deny.
So now I have 3 virtual servers and 3 access policies.
app1 and app2 access policy do nothing except end in deny.
On all 3 access policies I set the profile scope to global.
On app1 access policy I set the SSO/Auth Domains to Multiple, specified the Primary Authentication URI to https://main.company.com. Primary cookie option left as secure. SSO configuration was set to my NTLM SSO profile.
In authentication domains I added Cookie Host app1.company.com, secure and SSO configuration my NTLM SSO profile.
On app2 access policy I set the SSO/Auth Domains to Multiple, specified the Primary Authentication URI to https://main.company.com. Primary cookie option left as secure. SSO configuration was set to my FORMS SSO profile.
In authentication domains I added Cookie Host app2.company.com, secure and SSO configuration my FORMS SSO profile.
Now the access scenarios -
-
User browses to main.company.com - clicks on webtop link to app1.company.com. User is logged in to app1.company.com using NTLM SSO.
-
User User browses to main.company.com - clicks on webtop link to app2.company.com. User is logged in to app2.company.com using FORMS SSO.
-
User browses to app1.company.com. They are redirected to main.company.com, they log in, and are then sent back to app1.company.com and SSO with NTLM.
-
User browses to app2.company.com. They are redirected to main.company.com, they log in, and are then sent back to app2.company.com and FORMS with NTLM.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com