Shared Authentication Domains on BIG-IP APM
Published Feb 14, 2017
Version 1.0Was this article helpful?
It works well to share the session between App1 and App2, but is it skipping the whole policy workflow of the second app then? So if i have App3 which is secured by a second factor while App1 and App2 are not ... am i bypassing this second factor by logging in at App1 first and then App3? If i check the logging it seems to. And if yes how to solve this bypassing?
dns | App1.domain.org | App2.domain.org | App3.domain.org |
vs | vs1 | vs2 | vs3 |
policy | App1_apm_policy | App2_apm_policy | App3_apm_policy |
scope | global | global | global |
domain cookie | domain.org | domain.org | domain.org |
radius as mfa configured at policy | no | no | yes |
sso (forward auth to backend) | App1_sso_profile | App2_sso_profile | App3_sso_profile |