Symptoms

Single sign-on for portal access fails in this scenario: - SSO is enabled for a portal access resource item. - In addition in the network access configuration, a server-specific matching virtual server is configured to perform SSO for the same resource. To fix the problem, correct the configuration by removing the SSO configuration from the portal access resource item. The server-specific matching virtual server in the network access configuration will perform single-sign on for the resource.

Impact

Single sign-on for portal access fails.

Conditions

Single sign-on for portal access fails in this scenario: - SSO is enabled for a portal access resource item. - In addition in the network access configuration, a server-specific matching virtual server is configured to perform SSO for the same resource.

Workaround

To fix the problem, correct the configuration by removing the SSO configuration from the portal access resource item. The server-specific matching virtual server in the network access configuration will perform single-sign on for the resource.

Fix Information

none

Behavior Change

Starting from this release, Access Policy Manager matches portal access, iSession, and Mobile AppTunnel traffic against any server-specific matching virtual server enabled on the secure connectivity (tunnel) interface. If there is a match, server-side traffic goes to the matching virtual server before going out. This change is introduced to perform Secure Web Gateway-related checks on matching virtual server traffic.