Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP APM
Known Affected Versions:
11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10
Opened: Mar 28, 2016 Severity: 3-Major
Multidomain SSO use case with two virtuals: vs1 and vs2. Both virtuals are configured as APM+LTM pools. vs1 is designed as the primary auth virtual The expected result is that users can access resources on both virtuals. If they have not yet authenticated, they will be redirected to vs1 to authenticate. The reported result was that sometimes an already authenticated user would be able to access the resources on vs2. But their cookie would be rejected by vs1, and they would be asked to authenticate again.
Users may be asked to re-authenticate, even though they just did so.
It is not known what conditions cause this to occur.
Use an independent auth virtual that is not also a resource.
None