Forum Discussion
Kevin_Stewart
Mar 27, 2013Employee
Currently your best option is either a data group listing of credentials, encrypted if necessary, or an external lookup (query). The question then comes down to the management of each. If the CMS product requires a unique credential for each user, and you don't mind managing those credentials ON the BIG-IP, then a data group may be sufficient. Otherwise you can store the CMS credentials in account attributes in some local directory service (also potentially encrypted).
If, however, you're talking about how technically to achieve SSO with static username and password variables, in the access policy simply set the required session variables that the SSO profile will consume. For form, Basic, and NTLM SSO, the default session variables are session.sso.token.last.username and session.sso.token.last.password. These SSO profiles also require the password to be in encrypted form, so you'll need to set the "secure" option in your variable assignment.