Shared Authentication Domains on BIG-IP APM

How to share an APM session across multiple access profiles. A common question for someone new to BIG-IP Access Policy Manager (APM) is how do I configure BIG-IP APM so the user only logs in once....
Published Feb 14, 2017
Version 1.0
aaa
BIG-IP
BIG-IP Access Policy Manager (APM)
security
SSO
dp_119903's avatar
dp_119903
Icon for Cirrostratus rankCirrostratus
Mar 27, 2018

I have this configured for multiple virtual servers and just recently added a new one and it won't work. I have tons of VS's, but for the sake of understanding this let's just say I have 4. They are:

 

vs1 - outlook.test.com vs2 - sharepoint.test.com vs3 - time.test.com vs4 - newsite.test.com

 

Here's how the APM cookies are set:

 

vs1 - test.com vs2 - sharepoint.test.com (persistent) vs3 - test.com vs4 - test.com

 

VS1 and VS2 and VS3 work just fine. However, VS4 seems to be getting messed up. If I have no sessions and I go to VS4 it works. And then when I go to VS1 it works. But after I've gone to VS1 and if I try and go back to VS4 it never works. In the logs it shows that i'm trying to access the virtual server for VS1 instead of VS4. It's as if it sees the existing MRHSession cookie and thinks it should be bound to VS1.

 

Thoughts?