Forum Discussion

cjmalon_145830's avatar
cjmalon_145830
Icon for Nimbostratus rankNimbostratus
Jan 07, 2015

Appending Domain to username Single Sign On

Hi,

 

New to F5, My web portal resource expects a username in the form username@domain is there a way that I can do Forms based SSO to this resource without the user having to append the @domain when they type in their username. I guess the question is how do you combine the username session variable and domain session variable to create a new variable that can be referenced as the username in the SSO configuration.

 

Thanks in advance

 

APM
deployment
security

4 Replies

Sort By
  • Cthulhucalling_'s avatar
    Cthulhucalling_
    Icon for Cirrus rankCirrus
    Jan 07, 2015

    I haven't tried this myself, for Forms-based SSO you may be able to specify "session.sso.token.last.username@domain" as the username source.

     

  • Seth_Cooper's avatar
    Seth_Cooper
    Icon for Employee rankEmployee
    Jan 07, 2015

    Hi,

     

    If you are doing an AD Query as part of your VPE the "session.ad.last.attr.userPrincipalName" session variable should be populated. This is the format of "user@domain"... so you can use this as the username and then the normal password variable in the configuration.

     

    Regards,

     

    Seth

     

  • cjmalon_145830's avatar
    cjmalon_145830
    Icon for Nimbostratus rankNimbostratus
    Jan 07, 2015

    Hi,

     

    CT I have tried the following for username source in the SSO configuration.

     

    session.sso.token.last.username@domain "session.sso.token.last.username@domain" %{session.sso.token.last.username}@%{session.sso.token.last.domain} after populating session.sso.token.last.domain as a variable.

     

    None of these work.

     

    Seth, Unfortunately for political reasons I am authenticating off a Radius Server.

     

  • Seth_Cooper's avatar
    Seth_Cooper
    Icon for Employee rankEmployee
    Jan 08, 2015

    Hi CJ,

     

    Where are you getting the "domain" information from? What is populating the %{session.sso.token.last.domain} variable?

     

    Will you always be using the same domain? If so it should be pretty easy to make the correct variable. I would use a variable assign in the VPE to build the variable and then pass it to the SSO object.

     

    Seth