Domain Cookie SSO

Your question is not that clear , Domain Cookie is used to bypass multiple login prompt to different access profiles' login pages for a user that already been authenticated to one of the access profiles , what am getting from your question is that SSO for app1 is not working . right ?

Thanks for the response.

You are correct SSO for app1 is not working when I have first authenticated to the webtop that I have configured.

Both app1 and webtop are configured to use AD authentication and I can get SSO to work when authenticating to another virtual server just not when authenticating to a webtop.

However sso from webtop to app2 works without any issues.

What type of SSO is used for aap1 ? if it's a form based , please post a snapshots of your configuration and any http proxy's capture showing the authentication process of that application.

Maybe that is where I am doing something wrong. I am not using an SSO profile since I am only trying to take the username and password from the webtop access policy and apply those to the app1 access policy login.

Where it is throwing me off is I can authenticate to app2 (this app has access policy applied to it that will ask for username and password) and open a new tab and go to app1 one without being prompted by the access policy for login.

However if I go to webtop and authenticate first and try to go to app1 I will be prompted for username and password again.

In order to perform SSO , you need to define the login form parameters for app1 under the SSO tab in Access policy part .This way , after the user enters his username/password in APM login page , the APM will map this data and push it to the app1 login page as if the user entered it himself .You can assign different SSO profiles to differen Portal Access resources . is this clear to you ?

Thank you for taking the time to help on this. I understand that but I am only trying to sso past the APM login page I am not concerned with sso to the application because the application is not integrated with Active Directory. We put APM on app1 to make sure externally no one can access the apps login page if they go directly to the app1.test.com instead of going through webtop.test.com and clicking the link without first having an AD account.

After some further testing I discovered some new information.

From the webtop when I click on the link to app1 it ends my session so for all other links on the webtop I will get Access Policy evaluation is already in progress for the current session as it waits for login to app1.

Maybe i didn't get your question .You have a webtop with multiple resources ( app1 , app2) . app1 is not a direct server , it's hosted on another virtual server on the same BIGIP with another Access Policy , and the second login page is actually APM login page from the second VS . is that correct !

Yes that is correct. Sorry for the confusion.

Try watching this video and make sure that you're following the same.if still not working , mostly i'll try to use an iRule to perform the same function.

Thanks for the video. Yes I have domain cookie set on WebTop access profile and app1 access profile. Also new to version 12 they added a profile scope to the properties page of the access profile and I have that set to global.

The strange thing is if I don't use the webtop and I just login to app1 then open link to app2 it works as it should. It also works if I login to app2 then open a new tab to app1 so it appears it is configured correct just not when accessing from webtop.