Forum Discussion
Thanks.
okay, let me try this from a different angle then based on this
"
For the demo_default VS if you don't have access policy or profile then the SSO shouldn't work as even the global profiles will not work if there is no access profile under the VIP.
"
so lets say I want people to freely get to
demo.xyz.com/
but when they hit
demo.xyz.com/secret
I want them to login, especially I want them to use a global SSO (auth.xyz.com)
so from what I have read
I create a VS for
demo.xyz.com which is just a big switch to these vs and also has a ASM attached to the front
demo.xyz.com_secret << this has a APM
demo.xyz.com_default
You are saying to get SSO working properly, I need to attach a APM to demo.xyz.com_default vs
can I have a APM that just allows every one with out doing any checking ?
Can you check this post :
https://devcentral.f5.com/s/question/0D51T00006i7h0S/apm-sso-between-two-virtual-servers
The idea is to have demo.xyz.com_default with the same SSO object in Access profile and the access profile will do no more checks but just have the SSO.
You can use the multi domain to redirect from demo.xyz.com_default to demo.xyz.com_secret if no aythenticated but as you have the F5 ASM Login Page protection, you will simply block access to the other URL if the login page is not hit fitst.
https://techdocs.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-sso-13-0-0/27.html