SSO for Storefront and AAC in same domain

Using WEBSSO::select fixed this. But I ran into the bug where by you cannot select a client-initiated form using WEBSSO::select (still not fixed in 11.4.1 HF1 build 625)

I spent ages playing with my client-initiated form as the default SSO object (defined in the access profile) and using WEBSSO::select to select my forms-based SSO object but could not get it to work (Kevin Stuart has got this working though - https://devcentral.f5.com/questions?pid=28) I think in my case this is something to do with the way Storefronts logon page works. It sends a lot of POST's whilst generating the logon page and I found that my browser would get stuck in a loop re-submitting the POST for the URI that was being matched by my SS)::select iRule.

I eventually found the workaround to the WEBSSO::select bug and this worked for me (ie. I made the forms based SSO the default and used to WEBSSO::select to select by client-initiated SSO as described below) -

399696Selecting an SSO configuration with WEBSSO::select does not work for form-based client initiated and SAML configurations. You can work around the problem by using a variable to assign the configuration object name. For example: set sso_config /Common/SAML-config WEBSSO::select $sso_config unset sso_config