Webpage not Webtop with sso

How are you landing at the webtop replacement webpage?

The problem you have, is that with a webtop, the SSO configuration is assigned to the portal resource. When you provide links in a custom (non-APM) webtop, you loose the ability to apply a SSO profile.

I'm not even sure this would be possible as the developer produced webpage doesn't have the intelligence to populate the relevant fields. Someone on here may correct me.

Did you manager not like the webtop from an aesthetic point of view? It's possible to significantly customise the webtop if this is the case and retain functionality.

Reading this https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-sso-config-11-2-0/5.html

And I've seen a video on the same, I thought I could build a policy to access any VS behind APM.

Can this be done with hosted content, instead of a web page on a VS?

No, I don't believe so. APM will have no knowledge of each resource behind an externally hosted link.

The whole point of having SSO on a per-portal resource basis is that each resource can have different SSO requirements, HTTP Basic, SAML, Kerberos etc. Once you've left APM and arrived on a 3rd Party page there is no way to pass SSO credentials to each resource linked on that page.

...Unless each VIP is configured as a web application with it's own access policy and the external page references the URL of the VIP, this may work.. but in doing so you may trigger a new session for each VIP so SSO may not work in this instance.

Thanks Mr. Plastic. I found the answer here, I had the Profile Scope set to "Profile". To allow SSO to bridge Profiles I need this set to Global.

It would be nice to have something between global and profile, maybe "group" and then you need to configure each access policy to be part of that group.

To enable SSO on multiple VS you either need them to all use the same access policy or configure each access policy with the Global scope.