I have two VPE
* VPE1 ( multiple oauth apps with SSO) - VirtualServer1
* VPE2 (multipe saml apps with SSO) - VirtualServer2
customers need to access applications from both VPEs.
Is it possible to share the session between the VPE? Or alternative solution, eliminating the need for the user to perform two authentications.
One first option would be with experimenting with the "Profile Scope", and to pay attention to any negative side effects, especially if we also have VPE3, VPE4 and so on. Do you mind me asking "why having/keeping 2 separate VPE?" Some kind of legacy? Do they both authenticate users within the same domain/realm (I mean: if user1 is authenticated to VPE1/domain1, does that mean we have some kind of "trust" with VPE2/domain2"? I mean: user1 is authenticated to VPE1/domain1: does that mean SSO2 should be using username/credentials from domain1 to connect to app from domain2) Should this apply to all users? Do the FQDNs for VIP1 and VIP2 belong to the same domain? (sorry for the burst of questions, here;))
both vpe authenticate to same AD, with same fqdn.
the reason for having two vpe is to keep oauth policies (oauth_profile) separate from the others.
I had already configured the profile scope as global, but apparently it doesn't work as expected. when calling applications from another vpe it requires login.
That's exactly the idea... Users authenticated in vpe1 somehow perform auth/SSO when calling applications from vpe2, that is, without calling a new authentication.