Forum Discussion

JD1's avatar
JD1
Icon for Altostratus rankAltostratus
Feb 05, 2015

WebSSO - Multiple detections or single time?

Hi all,

 

Quick question on WEBSSO.

 

User logs into F5 APM -> Provided a Portal (With SSO Config) -> Backend Application launches, SSO kicks in and logins -> User works on application, then clicks logout (NOT APM logout, just app) -> Sent to application logon screen.

 

Will SSO kick in the second time? My view suggests it fires one and then disables itself so the next time the start uri comes up nothing happens from Big-IP.

 

If it is single firing, is there a way to ensure it logs the user back in immediately?

 

I know this is a bit odd, and most people would force APM to logout when the app does, but we can't for other circumstances

 

  • as far as I remember every detection match will fire it. There is no 1st,2nd,etc match. could be an issue if the app logout page redirects on its logon page (some websphere apps default behaviour)

     

  • In my applications clicking refresh will cause SSO to be processed again. We need this functionality as well so that some users can switch to a different identity for only one application. SSO should not because disabled or this will fail. Check your apm log for these types of messages. If you are having issues saying the SSO has been disabled, then configure the SSO success match criteria.