Forum Discussion

ruancarloss's avatar
ruancarloss
Icon for Nimbostratus rankNimbostratus
Nov 18, 2022

Share session multiple VPE

I have two VPE

* VPE1 ( multiple oauth apps with SSO) - VirtualServer1
* VPE2 (multipe saml apps with SSO) - VirtualServer2


customers need to access applications from both VPEs.
Is it possible to share the session between the VPE? Or alternative solution, eliminating the need for the user to perform two authentications.

  • Hi,

    One first option would be with experimenting with the "Profile Scope", and to pay attention to any negative side effects, especially if we also have VPE3, VPE4 and so on. Do you mind me asking "why having/keeping 2 separate VPE?" Some kind of legacy? Do they both authenticate users within the same domain/realm (I mean: if user1 is authenticated to VPE1/domain1, does that mean we have some kind of "trust" with VPE2/domain2"? I mean: user1 is authenticated to VPE1/domain1: does that mean SSO2 should be using username/credentials from domain1 to connect to app from domain2) Should this apply to all users? Do the FQDNs for VIP1 and VIP2 belong to the same domain? (sorry for the burst of questions, here;))

    • ruancarloss's avatar
      ruancarloss
      Icon for Nimbostratus rankNimbostratus

      both vpe authenticate to same AD, with same fqdn.

       

      the reason for having two vpe is to keep oauth policies (oauth_profile) separate from the others.

       

      I had already configured the profile scope as global, but apparently it doesn't work as expected. when calling applications from another vpe it requires login.

       

      That's exactly the idea... Users authenticated in vpe1 somehow perform auth/SSO when calling applications from vpe2, that is, without calling a new authentication.