Forum Discussion
Rabbit23_116296
Feb 05, 2014Nimbostratus
That's exactly what i have been trying to achieve. So under SSO auth settings which options do you use to set the cookie? Secure and persistent tick boxes? And then you just bind the irule to the virtual server?
Sorry for all the questions. Been trying to get this to work..
- Micah_HaarbrinkFeb 05, 2014NimbostratusYep, I check both of those. I set the domain cookie as the parent domain (I have multiple Access Porifles sharing that cookie). I also set the Maximum Session Timeout to match the number of seconds in the iRule. The contractor I was working with suggested matching those, but I'm not sure if it's technically a requirement. We had a hard date to go live so I've been dealing with go-live issues and haven't been able to test and break additional policies to verify the bits and pieces that matter most. So essentially I have Virtual Server A Access Policy A Maximum Session Timeout (set to X seconds) SSO/Auth Domain Cookie set to parentdomain.com Secure checked Persistent checked Presistent iRule (set to X seconds) Virtual Server B Presistent iRule (set to X seconds) Access Policy B Maximum Session Timeout (set to X seconds) SSO/Auth Domain Cookie set to parentdomain.com Secure checked Persistent checked
- Micah_HaarbrinkFeb 05, 2014NimbostratusOh and Access Policy A is set up for SP's that require lots of attributes to populate profiles. Access Policy B is set up with just authentication but no additional queries. Then I have an IdP for one of our SP's that needs all that info for profiles and another IdP that just uses email for the assertion and I have a few SP's using that. That way I don't need individual IdP's, Access Policies Virtual Servers for each SSO buddy.
- Micah_HaarbrinkFeb 05, 2014NimbostratusComment formatting on here is awful. Sorry for the replies and deleting/adding the comments.