Forum Discussion

Mitz1915_365163
Jun 25, 2018

SAML - domain cookie ?

Hello,

I have a question regarding SAML. I am using F5 as SP and OKTA as IDP.

I have 2 apps in OKTA and 2 respective virtual servers on F5 for those apps. When I try to access the first virtual server, i.e. saml1.xyz.com, it gives me the OKTA page. After entering my credentials I get the app, which is the expected behaviour. Now I want that when a user opens another tab in the same browser and accesses my second virtual server, which is saml2.xyz.com, he should be able to log in without entering the credentials again.

How can I achieve this?

Any leads would be appreciated.

2 Replies

  • I have set this Domain Cookie: xyz.com

    After setting the cookie, while I am already logged in to samltest1.xyz.com, if I try logging in to samltest2.xyz.com, it throws the error: your session is invalid. Please click here to open a new session. When I click there, it takes me to my app without asking for credentials again.

    Questions

    1. What am I missing here?
    2. Is this the correct approach, setting the domain cookie?
    3. Do I need to bind the same access profile to both SAML virtual servers? Right now I have different access profiles.
  • Hello,

    I don't know how you set up your APM Policy, but you have 2 alternatives.

    --> First one:

    You can create 2 distinct policies with 2 SPs that will be attached to your OKTA IDP. Your SP ID will be:

    --> The second alternative: you can use multidomain SSO. In this case you can use the same APM Policy (VPE).

    Can you tell me which one you chose, and I can help you deploy it, depending on your issue...

    Regards
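
The domain-cookie setting discussed in the first reply changes which hosts a browser sends the session cookie to. The sketch below is an added example, not part of the original thread and not F5 or Okta code; it models the RFC 6265 domain-matching rules, and the cookie name `SESSION` and the last two hostnames are constructed for illustration.

```javascript
// Added example: RFC 6265 cookie scoping (sections 5.1.3 and 5.3).
// samltest1/samltest2 come from the thread; the cookie name and the other
// hostnames are constructed. Public-suffix checks are not modelled.

const isIp = (h) => /^\d{1,3}(\.\d{1,3}){3}$/.test(h) || h.includes(":");

// RFC 6265 5.1.3: identical, or host ends with "." + domain and is not an IP.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  if (host === domain) return true;
  return !isIp(host) && host.endsWith("." + domain);
}

// Model how a browser stores a cookie received from originHost.
// Returns null when the Domain attribute does not cover the setting host.
function storeCookie(originHost, name, domainAttr) {
  if (!domainAttr) {
    return { name, domain: originHost.toLowerCase(), hostOnly: true };
  }
  const domain = domainAttr.replace(/^\./, "").toLowerCase();
  if (!domainMatch(originHost, domain)) return null; // browser ignores the cookie
  return { name, domain, hostOnly: false };
}

// Would the browser attach the cookie to a request for requestHost?
function isSentTo(cookie, requestHost) {
  if (cookie.hostOnly) return requestHost.toLowerCase() === cookie.domain;
  return domainMatch(requestHost, cookie.domain);
}

// Subset of candidate hosts that receive the cookie.
function recipients(cookie, hosts) {
  return hosts.filter((h) => isSentTo(cookie, h));
}

const hosts = ["samltest1.xyz.com", "samltest2.xyz.com", "other.xyz.com", "xyz.com.example.net"];
const hostOnly = storeCookie("samltest1.xyz.com", "SESSION", null);
const domainWide = storeCookie("samltest1.xyz.com", "SESSION", "xyz.com");

console.log("no Domain attribute:", recipients(hostOnly, hosts));
console.log("Domain=xyz.com:     ", recipients(domainWide, hosts));
```

With the domain cookie set, the session cookie issued on samltest1 is also presented to samltest2 and to every other host under xyz.com, so each of those hosts becomes part of the session's exposure. Whether the second virtual server accepts that session is decided by APM and is not modelled here.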