Forum Discussion
Stefan_Finke_83
Nimbostratus
NimbostratusWebtop in a Multi Domain Access Profile
Hello,
i'm trying to configure a Webtop (Type Full) with some Links on it in a Multi-Domain Access Profile (BigIp 11.2.1). In a Single Domain AP everything works as expected. But in the multi do...
Kevin_Stewart
Employee
EmployeeI'll be the first to admit that the multidomain APM feature is somewhat confusing. The general idea is that it's a mechanism for creating SSO across multiple applications, given a single (or set of) domain/site cookie(s) and a single (or set of) access session(s). Think of it like this: the login URL provides the client side authentication process (logon page, AD/LDAP/RADIUS auth/query, certificate auth, etc.). It's job is to collect and validate the client credentials and store them in a session object. The site URLs provide the server side authentication process. They know, by virtue of the multidomain setting in the access policy, that the session object is being created by another URL, and will use that value when the client presents it. So to answer your original question, it wouldn't really make sense to have a webtop on the logon virtual server, and the site URLs will completely bypass the access policy (except for SSO profiles) and go right to ACCESS_ACL_ALLOWED.
Of course I could be completely wrong, but that's my understanding of the multidomain feature.
