APM: Reauth required for different URL on same listener

Question

Hi, &nbsp;
short question: I have an APM authentication policy bound to a listener. There is a Sharepoint published via the listener. If you connect to sp.acme.com, you get the login form and can access it afterwards.&nbsp;
The sharepoint has a default url "sp.acme.com" and if you upload a pic, it is stored in "pics.acme.com".
The problem is, the pics are not shown properly as content on the sp-page. If you open the pic in another tab, you are redirected to the logon-page of "pics.acme.com". If you authenticate there, then the pic is shown properly.&nbsp;
So my question now is - how could I achieve a single-login for all pages/subdomains that are running on that listener, and not to have a login mask again.&nbsp;
Is there any guide to this? On SP directly (without F5 in between), this works properly.&nbsp;
I assume ther is something with the SSO/Auth Domains in the Access Profile?&nbsp;
Thanks in advance!&nbsp;

stanislas_piro2 · Answer

You're right!!! this is in SSO / Auth domains in Access profile...&nbsp;
You have 2 solutions:&nbsp;
define the domain acme.com in SSO domain field
define multiple domains SSO with:
logon URL : login.acme.comdomain / host : sp.acme.comdomain / host : pics.acme.com

The problem with the first solution is all web sites hosted on the acme.com domain will receive the APM session cookie which may cause security issue!&nbsp;

Forum Discussion

APM: Reauth required for different URL on same listener

1 Reply

Recent Discussions

LDAPS and renegotiation

Need advise to setup a policy on F5

Web acceleration

What are the different phases in DevOps?

Create a CSR and Key using the BigIP LTM GUI when renewing a certificate

Related Content

F5 Distributed Cloud - Listener Logic

Disable vip that is listening on different ports

How to listen to the DevCentral Podcasts

Reminder: MFA now required to log in to DevCentral

UDP DNS listener doesn't resolve DNS query but TCP DNS listener can