I did as you suggested but still same problem.
A reference to Profile Scope:
- Virtual Server grants access only the resources behind the virtual server on which the session was established.
- Profile grants access only to resources that are behind the same access profile on any virtual server. (Default.)
- Global is equivalent to BIG-IP 11.x behavior. It grants access to resources behind any virtual server with an access profile for which scope is set to Global.
As default all AP is created with "Profile", and that should be enough and was active.
Primary URI: z.example.com
VS1:
DNS names:
z.example.com
x.example.com
VS2:
y.example.com
If you go to z.example.com, i could login to the webtop and press the link to x.example.com, but when I click the link to recieve data from y.example.com it still fails with an 302 redirect to z.example.com/F5Neworks-SSO-Req.........and so on. And finally get to https://z.example.se/my.logout.php3?errorcode=19 (x is telling the client to recieve info from y, but bigip interfares and dont let the client to get the content from y).
In the same session, if i open a new tab, and go manually to y.example.com i do not need to re-authenticate since im using the same AP, as you explained, and i can do the request without problem.
WIth other words, i can use two VS, with the same AP, but my main problem still persists. :(
Thanks for your patience!