Forum Discussion

Esecurity_26019
Apr 21, 2016

AD Authentication For a VS in LTM

I have a VS configured which does not have any authentication mechanism configured at the moment. I want to configure it in such a way that a user hitting the VS gets a login prompt (which is to be configured on LTM) and, after login, the user gets access to the VS and its content. I also want the header to pass the User ID info along.

 

I want to configure the above scenario. Kindly confirm if this can be done and how. I have been following many F5 links to configure this, but have failed to do so thus far.

 

4 Replies

  • Hi,

     

    To authenticate AD users, you must provision APM (additional license) and configure it.

     

    Stanislas

     

  • When a user hits a VS, APM:

    • checks if the user is already authenticated (presence of cookie).
    • redirects to the authentication page (URI /my.policy)
    • validates authentication in multiple databases (AD, LDAP, RADIUS, TACACS, HTTP Server, ...)
    • enables SSO (Basic, NTLM, Kerberos, ...)

    Then, in LTM, you can redirect the user to the home page with an iRule or a Local Traffic Policy.

     

  • The following iRule allows you to redirect to the home page and insert the username as an HTTP header:

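    when ACCESS_ACL_ALLOWED {
        # Send requests for the site root to the home page
        if { [HTTP::uri] eq "/" } {
            ACCESS::respond 302 noserver Location "/homepage/"
            return
        } elseif {![info exists APMusername]} {
            # Cache the logon name from the APM session for this connection
            set APMusername [ACCESS::session data get session.logon.last.username]
        }
        # Drop any client-supplied USER header so only the APM value reaches the server
        HTTP::header remove "USER"
        HTTP::header insert "USER" $APMusername
    }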