Shared Authentication Domains on BIG-IP APM

How to share an APM session across multiple access profiles. A common question for someone new to BIG-IP Access Policy Manager (APM) is how do I configure BIG-IP APM so the user only logs in once....
Published Feb 14, 2017
Version 1.0
aaa
BIG-IP
BIG-IP Access Policy Manager (APM)
security
SSO
Irre_Levant's avatar
Irre_Levant
Icon for Altocumulus rankAltocumulus
Sep 09, 2022

It works well to share the session between App1 and App2, but is it skipping the whole policy workflow of the second app then? So if i have App3 which is secured by a second factor while App1 and App2 are not ... am i bypassing this second factor by logging in at App1 first and then App3? If i check the logging it seems to. And if yes how to solve this bypassing?

 

dnsApp1.domain.orgApp2.domain.orgApp3.domain.org
vsvs1vs2vs3
policyApp1_apm_policyApp2_apm_policyApp3_apm_policy
scopeglobalglobalglobal
domain cookiedomain.orgdomain.orgdomain.org
radius as mfa configured at policynonoyes
sso (forward auth to backend)App1_sso_profileApp2_sso_profileApp3_sso_profile