SSO across multiple domains and group membership check
Hello, We are trying to replace our TMG with F5/APM. We currently have sites of the following type: sc1.domain1.com sc2.domain2.com sc3.example1.com In addition, there are also multiple sites under sc1.domain1.com like https://sc1.domain1.com/sites/site1, https://sc1.domain1.com/sites/site2, ... etc I want to be able to SSO across all of these domains. However, after authentication and session establishment, when a user tries to access any site, is there a way to enforce a site-specific access policy that would check just the group membership (because the authentication is already complete)? Thanks, Prakash
ActiveSync and Multi Domain SSO issue
Hello all, I'm currently implementing a SSO at a costumer using APM and we are using Multiple Domain SSO to accomplish that. As Outlook 2010 is part of the SSO I'm having some problems with ActiveSync. Webmail is working great but the redirection between "outlook.example.com" and "authentication.example.com" breaks ActiveSync. So when I try to access outlook_VS I get a HTTP 302 to authentication_VS, I authenticate the user and then get another HTTP 302 back to outlook_VS and it works great. So what I'm trying to accomplish is really to block this redirection and authenticate ActiveSync at the outlook_VS. Have anyone else experienced this problem? I was told that inserting a HTTP::header "clientless-mode" could help disabling the redirection, but I still have to figure out a way to send the user/password to be able to authenticate at AD servers. Basicly that's my config: VS 1: authentication_VS VS2: outlook_VS AAA: AD authentication SSO for outlook_VS: Basic Authentication Thanks in advance Pedro