
AAA - multiple sso domains with one AAA vServer

Mark Brilman




I have the following scenario. We have multiple web applications in different SSO domains, for instance appA.domainA.com and appB.domainB.com.

We have AAA running in domainA.com (aaa.domainA.com).


Our issue is this:


When performing a login to appA.domain.com we get redirected to aaa.domainA.com. We perform logon and cookies are injected for domainA.com. We open appB.domainB.com and, because of the cookies in domainA.com, we get a successful SSO to AAA and get cookies for domainB. All is well, we have SSO for both domainA and domainB.


When opening appB.domainB.com first, we get redirected to aaa.domainA.com. We perform logon and cookies are injected for domainB.com. When we then open appA.domainA.com, no cookies are present for domainA, so we don't have SSO on aaa.domainA.com. We need to log in again to get the cookies for domainA.


My idea was to get AAA working on both aaa.domainA.com and aaa.domainB.com (2 SSL certs/SNI) and use content switch to select the correct load balancer based on SSO domain. However, I can't find any cookie or any other way to get the content switch to recognize which authentication already succeeded and for which SSO domain cookies are already present.


Is there a way I can trick NetScaler into switching authentication domains with one logon?





