Applying client initiated form-based SSO actions to multiple Portal Access resources in APM 11.6

Thanks for taking the time to reply.

I think I understand the conditions you outline, however can I clarify the first part of your response?

So, if an SSO profile is not assigned to a Portal resource item, which are essentialy ACLs, then a profile assigned to the Access Policy will be used. Does there need to be an SSO profile assigned to the Access Policy for SSO to work, or can you simply assign these to the resource items and leave the Access Policy SSO configuration set to none?

Apart from the single occasion when I happened apon a working config combination, I don't see the SSO agent referenced in the logs. I believe that entries were prefixed with somthing like SSO v2 (or similar). On this occasion I could see the requested paths and entries when URI's used for form detection were matched. Since making changes, I now seem unable to trigger SSO at all.

Is what I am trying to achieve possible?

• user authenticates successfully
• username & password are assigned to user SSO session vars
• user follows webtop link to resource A
• SSO profile attached to resource A detects SSO URI and using javascript inserts & posts session vars to login script
• user follows webtop link to resource B
• SSO profile attached to resource B detects different URI and posts session vars to resource B login script

Apologies for all the questions, I am new to APM and I've been at a dead-end with this for many days.