14-Dec-2021 06:28
Bonjour,
I can't manage to fix this request about one web application (wordpress / sharepoint) :
How to do ???
I tried two separate APM but user is prompted when going from one vs to the other ...
merci pour votre aide et bonne fin de journée
cdlt, Patrick
15-Dec-2021 02:47
You can create 2 APM policies and use SSO domain cookie. This will avoid authentication if user from app1 goes to app2 in same session or diffrent tab of same browser.
under domain cookie, type your site domain. e.g. example.com
15-Dec-2021 03:09
Hi Sanjay
thank you for your help
that's ok for the authentication between the two VS, I managed to do it using one single APM policy and you're true the SSO domain cookie avoid user to be prompted
problem I can't fix is this one :
for one specific url on one of the two VS , and if user isn't member of a specific AD group,, I must reject the request but it has already been accepted by the APM ...
have a nice day
regards, Patrick
15-Dec-2021 03:27
Okay. got it. yes, once user is already authenticated by APM, it won't evaluate APM policy for any other URL inside the application with default apm policy. You would need to use something like per request apm policy or step up authentication to re-evaluate for that one URL. You can also try with iRule to remove APM session ACCESS::session remove and then re-evulate.
to be honest, I haven't done this personally but following doc can provide some guidanace.
https://techdocs.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-implementations-12-1-0/8.html
https://devcentral.f5.com/s/articles/apm-full-step-up-authentication-903