mac_load_326940
Jul 12, 2017

LTP+APM SSO

Hi,

I want to reach an internal web application via F5. I configured an LTM-APM access profile, and in the Visual Policy Editor I have configured a rule where I make a first check based on the hostname. If the hostname is "applicationA.mycompany.com", I assign a static pool for applicationA servers (without webtop or portal access), and if the hostname is "applicationB.mycompany.com", I assign the static pool with applicationB servers in this pool.

Currently, this is working: I can reach these applications from the Internet via the F5. But I want to configure SSO for these applications.

My question is: how can I configure SSO and attach an SSO profile for these different pools?

BR Jerome

3 Replies

  • Have you looked at WEBSSO::select - you could select the appropriate SSO profile based on some preceding logic in an iRule

    Something like

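    # WEBSSO::select is valid in the ACCESS_ACL_ALLOWED event and takes the name
    # of an SSO configuration object; the name below is a placeholder.
    when ACCESS_ACL_ALLOWED {
      if { [HTTP::host] equals "applicationA.mycompany.com" } {
        WEBSSO::select /Common/SSO_PROFILE_PLACEHOLDER
      }
    }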
    
  • You could either configure your APM policy to look for the application logout URI in the properties of the policy. Or, if you want more flexibility, you could add some logic to your iRule to kill off the session using ACCESS::session remove

    So something like...

    when HTTP_REQUEST {
      if { [HTTP::uri] equals "/logout"} {
        ACCESS::session remove
        TCP::close
      }
    }
    
  • Hi,

    Don't assign the pool in the VPE but in an iRule.

    If you assign the pool in the VPE and want to share the same session between URLs, the host name reached to start the session forces the pool for all subsequent URLs.
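
The two suggestions in the replies (choose the pool in an iRule, choose the SSO profile with WEBSSO::select) combined into one iRule, as an added example that is not part of the original thread. The pool and SSO object names containing EXAMPLE are placeholders, and disabling SSO for unmatched hosts is an assumption of this example rather than something the replies state.

```tcl
# Added example: object names containing EXAMPLE are placeholders, not from the thread.
when ACCESS_ACL_ALLOWED {
    # Fires per request once the APM session and ACLs allow it, so the
    # decision tracks the Host header of this request, not the host that
    # was used when the session was first established.
    set req_host [getfield [string tolower [HTTP::host]] ":" 1]

    switch -- $req_host {
        "applicationa.mycompany.com" {
            set app_pool "/Common/EXAMPLE_pool_applicationA"
            set app_sso  "/Common/EXAMPLE_sso_applicationA"
        }
        "applicationb.mycompany.com" {
            set app_pool "/Common/EXAMPLE_pool_applicationB"
            set app_sso  "/Common/EXAMPLE_sso_applicationB"
        }
        default {
            set app_pool ""
            set app_sso  ""
        }
    }

    if { $app_pool ne "" } {
        pool $app_pool
        WEBSSO::select $app_sso
    } else {
        # Unrecognised Host header: send no SSO credentials to whatever
        # backend the virtual server would use by default, and log it.
        WEBSSO::disable
        log local0.warning "APM SSO: no mapping for host '$req_host', SSO disabled"
    }
}
```

Keeping the pool and the SSO profile in the same branch means the cached credentials for one application are never replayed to the other application's servers when both hostnames share a session.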