SSO / Auth Domains not maintaining session

Question

I am setting up an SSO/Auth Domain Multiple Domains config to share access sessions across multiple Virtual Servers and have struck an issue.&nbsp;
I am following the details from here: http://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-sso-config-11-1-0/4.html and http://blog.garraux.net/2013/05/f5-access-policy-manager-multi-domain-sso/, as well as the training material (where I did this in the course and it worked).&nbsp;
But what I am finding in my environment (which is 11.4.1HF2) is that when I go to the Primary Auth URI I get in all good, if I go to any of the auth domains then it redirects me to the Auth URI, but this does not see any existing session, and then sends me back to the auth domain, and back to the primary URI in a loop.&nbsp;
Am wondering if its related to this Q from a few weeks ago as the session resetting behaviour sounds about right for what is happening - https://devcentral.f5.com/questions/apm-recreating-session-when-user-hits-default-url&nbsp;
Anyone seen this or have any good ides&nbsp;

boneyard · Answer

are your domain and cookie settings correct?&nbsp;

david_123856 · Answer

So the answer here is that the Multiple Domain SSO stuff only works in LTM+APM mode. Not in pure APM mode.&nbsp;
Which is a challenge for my use case, but at least an answer&nbsp;

Forum Discussion

SSO / Auth Domains not maintaining session

Recent Discussions

APM with EntraID as idP / request signed

Should config via cli rather than gui?

Background Tasks

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Use Kubernetes Cert-Manager to Maintain Let's Encrypt Certificates

Enriching AFM with public domain Threat Intelligence

F5 XC Session tracking with User Identification Policy

Use Fully Qualified Domain Name (FQDN) for GSLB Pool Member with F5 DNS

domain blocking

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS