JIRA has a little caveat when using SSO for the gadets... During server start-up it makes an outbound HTTP call thru the load-balanced address to resolve the gadget meta data. To make that work, you must disable SSO for the pool member IP address. I have also had good success with using Basic Auth to do the SSO. However, Basic Auth fails then the JIRA session has timed out on the backend.
Here is the iRule that you can apply to fix the gadget issue.
when CLIENT_ACCEPTED {
if { [IP::addr [IP::client_addr] mask 255.255.0.0] equals "10.7.0.0" } {
Disable APM for Data-center clients (Application-to-Application)
set access_bypass 1
return
}
}
when HTTP_REQUEST {
Handle selective disablement of the Access policy. This variable could be defined in another iRule or Policy.
if {[info exists access_bypass]} {
Only manipulate the ACCESS profile if access_bypass has been defined; otherwise use default behavior
if {$access_bypass == 1} {
if {!([HTTP::uri] starts_with "/F5Networks-SSO")} {
Only disable the ACCESS policy if it is not the URL for multi-domain auth cookies
ACCESS::disable
}
} else {
ACCESS::enable
}
}
}