Forum Discussion
Stefan_Finke_83
Nimbostratus
NimbostratusWebtop in a Multi Domain Access Profile
Hello,
i'm trying to configure a Webtop (Type Full) with some Links on it in a Multi-Domain Access Profile (BigIp 11.2.1). In a Single Domain AP everything works as expected. But in the multi domain setting the Webtop does not pop up.
Is there anything special to configure the WebTop in a multi domain setting? On which URI will the WebTop be placed? On the Primary Authentication URI?
Or is the WebTop Feature not working in a multi-domain Acess Policy at all?
Thank you,
Stefan
1 Reply
- Kevin_Stewart
Employee
I'll be the first to admit that the multidomain APM feature is somewhat confusing. The general idea is that it's a mechanism for creating SSO across multiple applications, given a single (or set of) domain/site cookie(s) and a single (or set of) access session(s). Think of it like this: the login URL provides the client side authentication process (logon page, AD/LDAP/RADIUS auth/query, certificate auth, etc.). It's job is to collect and validate the client credentials and store them in a session object. The site URLs provide the server side authentication process. They know, by virtue of the multidomain setting in the access policy, that the session object is being created by another URL, and will use that value when the client presents it. So to answer your original question, it wouldn't really make sense to have a webtop on the logon virtual server, and the site URLs will completely bypass the access policy (except for SSO profiles) and go right to ACCESS_ACL_ALLOWED.
Of course I could be completely wrong, but that's my understanding of the multidomain feature.
