Shared Authentication Domains on BIG-IP APM

How to share an APM session across multiple access profiles. A common question for someone new to BIG-IP Access Policy Manager (APM) is how do I configure BIG-IP APM so the user only logs in once....
Published Feb 14, 2017
Version 1.0
aaa
BIG-IP
BIG-IP Access Policy Manager (APM)
security
SSO
PSilva's avatar
Ret. Employee
Technical writer, evangelist, speaker, video host, story teller and overall clever guy. Bringing the slightly theatrical and fairly technical together, I train, write, speak, along with overall evangelism. Highly technical information security professional with social media skills who has also been in such plays as The Glass Menagerie, All’s Well That Ends Well, Cinderella and others.
View Profile
PSilva's avatar
Ret. Employee
Technical writer, evangelist, speaker, video host, story teller and overall clever guy. Bringing the slightly theatrical and fairly technical together, I train, write, speak, along with overall evangelism. Highly technical information security professional with social media skills who has also been in such plays as The Glass Menagerie, All’s Well That Ends Well, Cinderella and others.
View Profile
Irre_Levant's avatar
Irre_Levant
Icon for Cirrus rankCirrus
Sep 09, 2022

It works well to share the session between App1 and App2, but is it skipping the whole policy workflow of the second app then? So if i have App3 which is secured by a second factor while App1 and App2 are not ... am i bypassing this second factor by logging in at App1 first and then App3? If i check the logging it seems to. And if yes how to solve this bypassing?

 

dnsApp1.domain.orgApp2.domain.orgApp3.domain.org
vsvs1vs2vs3
policyApp1_apm_policyApp2_apm_policyApp3_apm_policy
scopeglobalglobalglobal
domain cookiedomain.orgdomain.orgdomain.org
radius as mfa configured at policynonoyes
sso (forward auth to backend)App1_sso_profileApp2_sso_profileApp3_sso_profile