Forum Discussion

AlexS_yb
Jul 03, 2023

How to get SSO information from 1 vcmp to another

Hi

My setup: I have a cluster of 2 nodes called vcmp1.

On it I have 2 VS:

login (SAML IdP)

auth (SAML SP and an OAuth server)

I have a vcmp2 cluster and it has a VS:

test - it uses an OAuth client, so it links back to auth, and auth to login

What this means is people log into the login server - think username and password.

I can get the username to transfer from login -> oauth -> test using SAML and a claim for userid in the OAuth token.

But I don't want to put the password in there - even if it's encrypted (do others do this? It just seems bad).

On the test VS I need the user's password to log into a backend app that doesn't take OAuth or SAML (think Atlassian server).

My understanding is I can extend an APM session from 1 vcmp to another (one BIG-IP to another).

I was thinking of doing a sideband call to login, filtering that to only be allowed to be called by the F5s, and grabbing an encrypted password that way.

So:

client calls test/uriForJira
In an iRule, if I don't have a password, I 302 to login/getMySession

login/getMySession returns via 302, say, test/uriForJira?MySession=<sessionid - basically MRHSession>

then vcmp2 makes a sideband call to login/FROMVCMP2?MRHSession - which would return the password encrypted with AES 256.

Does that seem reasonable?

Do I do it in iRules or iRulesLX (Node.js)?

Or is there another way to do this?


2 Replies

    • AlexS_yb

      Hi

      Sorry, not well described on my part.

      So I have a cluster - A/P a-vcmp1 & b-vcmp1.

      I have those syncing.

      Then I have another cluster, another A/P:

      a-vcmp2 & b-vcmp2, and those are syncing.

      I wanted multidomain SSO capabilities,

      so let's say the login & auth VS exist on the vcmp1 cluster

      and I have the test VS on vcmp2.

      I would like to have SSO capabilities of logging into login and then, with those credentials, logging into test.

      I have that right now, but using OAuth between test and auth, and using auth as an SP and login as an IdP.

      But I thought I would recheck to see if there was a way to just use MRHSession for my domain and basically get the APM session table replicated between clusters vcmp1 & vcmp2.