Forum Discussion

Nimbostratus

Oct 31, 2017

Automatically authenticate users to Intranet sites

I am trying to get our access policy configured so that once a user is logged in and clicks a web application link to our Intranet sites; the user doesn't have to enter their domain account again. Ri...

application delivery

BIG-IP Access Policy Manager (APM)

Stanislas_Piro2

Cumulonimbus

Oct 31, 2017

Hi,

APM works with session variable to evaluate policy.

SSO requires following variables :
- session.sso.token.last.username
- session.sso.token.last.password
- session.logon.last.domain (for NTLM SSO)

Logon page create following variables - session.logon.last.username - session.logon.last.password - session.logon.last.domain (when split domain from username is enabled)

SSO credential mapping allow to create expected SSO variables. You must set it AFTER logon page to reuse logon page variables values. It is recommended to set it after AD auth and AD query boxes.

if the SSO method used is NTLM, you must have session.logon.last.domain set with NETBIOS name

if the SSO method used is KERBEROS, you must have session.logon.last.domain set with FQDN domain name

Forum Discussion

Automatically authenticate users to Intranet sites

Recent Discussions

What happens if I only enable ASM in BIG-IP Under System > Resource Provisioning

URL

Migration from i series 10200 with 1 child VCMP to r series 10900 series

Azure DP-100 Exam Questions

Deploying F5 WAF in front of Azure Web App Services

Related Content

Decrypting BIG-IP Packet Captures Automatically

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

Doing mTLS Authentication per URL

Distributed caching of authentication requests with NGINX Ingress Controller

Application Programming Interface (API) Authentication types simplified