One think to note with JIRA is that you MUST have an iRule to bypass APM if the requires originates from the backend server. JIRA uses an internal method to call back into it self to render the gadgets. These requests only occur at server startup. Otherwise, you can also use Basic Auth to the backend for SSO.
Here is the iRule that I use:
when CLIENT_ACCEPTED {
if { [IP::addr [IP::client_addr] mask 255.255.0.0] equals "10.7.0.0" } {
Disable APM for Data-center clients (Application-to-Application)
set access_bypass 1
return
}
}
when HTTP_REQUEST {
Handle selective disablement of the Access policy. This variable could be defined in another iRule or Policy.
if {[info exists access_bypass]} {
Only manipulate the ACCESS profile if access_bypass has been defined; otherwise use default behavior
if {$access_bypass == 1} {
if {!([HTTP::uri] starts_with "/F5Networks-SSO")} {
Only disable the ACCESS policy if it is not the URL for multi-domain auth cookies
ACCESS::disable
}
} else {
ACCESS::enable
}
}
}