Forum Discussion
Stanislas_Piro2
Oct 31, 2017Cumulonimbus
Hi,
APM works with session variable to evaluate policy.
-
SSO requires following variables :
- session.sso.token.last.username
- session.sso.token.last.password
- session.logon.last.domain (for NTLM SSO)
Logon page create following variables - session.logon.last.username - session.logon.last.password - session.logon.last.domain (when split domain from username is enabled)
SSO credential mapping allow to create expected SSO variables. You must set it AFTER logon page to reuse logon page variables values. It is recommended to set it after AD auth and AD query boxes.
if the SSO method used is NTLM, you must have session.logon.last.domain set with NETBIOS name
if the SSO method used is KERBEROS, you must have session.logon.last.domain set with FQDN domain name