Shared Authentication Domains on BIG-IP APM
How to share an APM session across multiple access profiles.
A common question for someone new to BIG-IP Access Policy Manager (APM) is how do I configure BIG-IP APM so the user only logs in once....
Published Feb 14, 2017
Version 1.0PSilva
Ret. Employee
Joined May 16, 2019
PSilva
Ret. Employee
Joined May 16, 2019
Irre_Levant
Sep 09, 2022Cirrus
It works well to share the session between App1 and App2, but is it skipping the whole policy workflow of the second app then? So if i have App3 which is secured by a second factor while App1 and App2 are not ... am i bypassing this second factor by logging in at App1 first and then App3? If i check the logging it seems to. And if yes how to solve this bypassing?
dns | App1.domain.org | App2.domain.org | App3.domain.org |
vs | vs1 | vs2 | vs3 |
policy | App1_apm_policy | App2_apm_policy | App3_apm_policy |
scope | global | global | global |
domain cookie | domain.org | domain.org | domain.org |
radius as mfa configured at policy | no | no | yes |
sso (forward auth to backend) | App1_sso_profile | App2_sso_profile | App3_sso_profile |