Monday, June 8, 2009

SSO between webgates

I was configuring OAM Load balancing. I had two set of servers (Each set has IDM, Access Svr, Policy Mgr) front ended by two iPlanet webservers (host1.abc.com and host2.abc.com) having respective webgate. To configure the SSO between these two Webgates, I appropriately mentioned the "primary Http Cookie Domain" for both webgates as "abc.com" .

Now it is testing time. I authenticated to http://host1/myPage.jsp and typed http://host2/myPage.jsp on the browser's address bar expecting I am authenticated to http://host2 as well. Nope, I saw that login screen again. I banged my head for whole day till I found my mistake next morning.

The solution was very simple. Start typing http://host1.abc.com/myPage.jsp instead of http://host1/myPage.jsp . After authentication to host1 type http://host2.abc.com/myPage.jsp . This will work as I am mentioning domain name in the URL which is set as "Primary Http Cookie Domain".

Since the set up was inside the network, I do not have mention the domain name(...abc.com) to access my web content. IPlanet was serving me the page even if I typed the URI as http://host1/myPage.jsp .

No comments:

Post a Comment