
StuKirby
May 16, 2018

APM Between Virtual Servers

Hello

 

I am having an issue with APM as an IdP.

 

Initially we were hosting an APM VS as an IdP for external 3rd party apps and everything was fine. We now seem to have an issue with internal apps that use the same APM VS for an IdP but these apps are hosted behind other LTM VS's on the same F5. SSO will work connecting to the first application but on subsequent requests, when the client's browser session gets redirected to the APM VS, the APM looks to be resetting the TCP connection with a reason of "No Server Selected".

 

So firstly, is there an issue connecting to an application behind a VS and then the app redirecting to the APM IdP on a different VS?

 

Or am I barking up the wrong tree and there's some kind of TCP flag being set by the back end application causing the APM VS to reject it?

 

Hoping someone can help!

 

1 Reply

  • Hi,

     

    Just want to clarify your needs.

     

    • You have one IdP hosted on one F5 (call it F5-A)
    • You have one application cloud that binds to this IdP (call it App-Cloud)
    • You have one application hosted on another F5 (call it F5-B). I suppose that you use F5 as SP in F5-B? Then you perform SSO to the backend server? Or your application is SAML compliant and uses F5 just to reverse this app?...

    In general, when you obtain "No Server Selected", that means that your internal app does an auth request without a SAML request and maybe on the wrong URL. As your IdP session is still active, F5 considers your request as a simple request and a non-SAML request and tries to send your request to the backend server. And as you don't have a pool on this service (normal), you obtain this error: "No Server Selected"...

     

    Did you perform a trace when this behaviour occurs, in order to check if the application sends a correct SAML request?

     

    Regards
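
One way to run the check the reply suggests on URLs taken from a browser or proxy trace, as an added example that is not part of the original thread or any F5 tooling. It assumes the SP uses the SAML HTTP-Redirect binding; the hostnames, the `/saml/sso` path and the request ID are constructed placeholders.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlencode, urlsplit, parse_qs

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

def inspect_redirect(url):
    """Classify one GET taken from a trace at the IdP virtual server."""
    parts = urlsplit(url)
    params = parse_qs(parts.query)
    if "SAMLRequest" not in params:
        # The case the reply describes: a plain request that the IdP cannot
        # treat as SAML and therefore tries to forward to a (missing) pool.
        return {"saml": False, "path": parts.path, "reason": "no SAMLRequest parameter"}
    try:
        raw = base64.b64decode(params["SAMLRequest"][0], validate=True)
        xml = zlib.decompress(raw, -15)   # HTTP-Redirect binding uses raw DEFLATE
        if b"<!DOCTYPE" in xml:           # refuse DTDs before parsing
            raise ValueError("DOCTYPE not allowed")
        root = ET.fromstring(xml)
    except (ValueError, zlib.error, ET.ParseError) as exc:
        return {"saml": False, "path": parts.path, "reason": f"undecodable: {exc}"}
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        return {"saml": False, "path": parts.path, "reason": f"unexpected element {root.tag}"}
    issuer = root.find(f"{{{SAML}}}Issuer")
    return {"saml": True, "path": parts.path,
            "issuer": issuer.text if issuer is not None else None,
            "destination": root.get("Destination")}

def encode_redirect(base_url, authn_xml):
    """Build a sample redirect URL the way an SP would (deflate, base64, URL-encode)."""
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)
    raw = deflater.compress(authn_xml.encode()) + deflater.flush()
    return base_url + "?" + urlencode({"SAMLRequest": base64.b64encode(raw).decode()})

# Constructed sample data: hostnames, path and IDs are placeholders.
IDP_SSO = "https://idp.example.com/saml/sso"
SAMPLE_XML = (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
              f'ID="_constructed1" Version="2.0" Destination="{IDP_SSO}">'
              '<saml:Issuer>https://app.example.com/sp</saml:Issuer></samlp:AuthnRequest>')
GOOD = encode_redirect(IDP_SSO, SAMPLE_XML)
PLAIN = "https://idp.example.com/app/home"   # redirect without a SAML message

if __name__ == "__main__":
    for u in (GOOD, PLAIN):
        print(inspect_redirect(u))
```

Comparing the decoded `issuer` and `destination` against the SP connector and SSO URL configured on the IdP shows whether the second application is sending a SAML request at all, and whether it is sending it to the right place.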