Forum Discussion
By "use them for APM", what do you mean exactly? Not sure if you're talking about use in SSO (apm authenticates on behalf of the user) or use in AAA (apm checks user's credentials against an authentication server).
AAA must happen during access policy evaluation (before user hits Allow or Deny or Redirect ending in VPE).
SSO must happen after access policy evaluation (after user hits Allow or Deny or Redirect ending in VPE).
If you could more fully explain your use case, it would help. If you're not sure about your client device's interaction or what browser / app / etc you're using, you may need to perform decrypted packet captures using SSLDump. There are detailed instructions about how to do that here:
https://support.f5.com/kb/en-us/solutions/public/10000/200/sol10209.html
- Jose_Peter_2424Jan 26, 2016NimbostratusHi Lucas, Thanks for looking into my query. Let me explain my requirement.User launches the application on his phone, enters credentials and clicks "Login".Then an HTTP POST happens to application server. Credentials need to be captured by BIGIP from this POST and then do AD authentication followed by SSO on behalf of user.
- Lucas_Thompson_Jan 26, 2016Historic F5 AccountOK. It sounds like you don't necessarily have control over the login page in this scenario, is it built into the app somehow? How does the app decide what to POST? Is it based on some existing web page that is retrieved from a server? Also, does the app implement a generalized Web browser that can store cookies and follow redirects, or is it limited somehow? What I'd do first is to visit that link I posted above about SSLdump and use that technique to capture exactly what the client is sending.
- Jose_Peter_2424Jan 26, 2016NimbostratusHi Lucas, Yes, the login page is built in the app. The URL to POST is also hardcoded in the app. I don't think app implement a generalized web browser.
- Kai_WilkeJan 27, 2016MVPHi Peter, as Lucas has already suggested a quick view on the wire would help to identify the URL and POST request. Use either SSLDump (the request must already hit your F5) or use Fiddler2 (configured as HTTP(S) Proxy on your phone) to capture those information.