Nolan_Jensen_23
Jan 17, 2018Nimbostratus
Domain Cookie SSO
Hello All,
I am trying to figure out why sso using a domain cookie is not working for just one of my applications. I am running 12.1.2 and have domain cookie working for other applications so not sure why this one is not cooperating.
Current configuration I have a webtop (webtop.test.com) with application that is not allowing SSO at the moment (app1.test.com)
Webtop.test.com
- Access policy that uses Logon page > AD Auth > SSO Credential Mapping > Advanced Resource assign
- Advanced resource assign has portal access, few SAML, webtop, and webtop links
- Access Policy is set to Global for Profile Scope
- SSO/Auth Domains has domain cookie test.com and Secure flag checked
app1.test.com
- textapp1.test.com is a virtual server on the BIGIP
- access policy Logon page > AD Auth > SSO Credential Mapping
- Access Policy is set to Global for Profile Scope
- SSO/Auth Domains has domain cookie test.com and Secure flag checked
Issue
When I login to the webtop and click on the link to app1 I am getting prompted to login again via the app1 access policy login page.
Troubleshooting
- I can see using sso tracer that the cookie that is created when logging in to webtop is not being used by app1 because it creates a new LastMRH Session id.
- I have tried to add persistent to sso/Auth domains
- I have another app app2 that is configured the same way but this one works as I would expect.
- If I login directly to app2 then open a new tab and go to app1 domain cookie is working as I am not prompted to login again.
- I have enabled debug on webtop and app1 but the apm log doesn't show anything useful for app1 since it doesn't login.
- I have tested on Chrome, Firefox, Edge and IE11 all have same issue for sso to app1 from webtop.
Any ideas would be greatly appreciated.
Thanks