Forum Discussion

Johnnyx_304575's avatar
Jul 20, 2017
Solved

APM external client has to auth twice while using portal

I have an APM portal configured that is used to give external users access to an internal server. The problem I am running into is the external user has to auth once for the F5 portal login and then a second time to connect to the server. The second login looks like it is a Windows Security iexplore login for the server. Is there a way that the F5 can pass the external users creds to the backend server?

 

  • Thanks MrPlastic!! Those directions got me headed in the right direction. I'm going to add a little to this to hopefully help others that are having a similar issue:

     

    I used the HTTP Basic SSO setup for my use. Basically we have external users who use the portal to authenticate to an internal server. Before configuring HTTP Basic SSO I wold be challenged to re-auth by the server after already authenticating in the F5 portal.

     

    1. The first step I did to get HTTP Basic SSO working was to create the HTTP Basic SSO configuration as stated in the link above. Go to Access Policy => SSO Configuration => HTTP Basic and hit the + button to create a new HTTP Basic SSO config:
    2. The only field I changed was the Name field. I entered portal.acme.com_sso. Everything else was left at the default settings:

    This is where the instructions drop off. You must now add this to an Access Profile and then add SSO Credentials Mapping to the Access Policy.

     

    1. Open the Access Profile you already have created. Go to Access Policy => Access Profiles => Select the profile you want to update with the HTTP Basic SSO Config:
    2. A new window will open. Go to SSO / Auth Domains tab and then update SSO Configuration field with the HTTP Basic SSO Config you created in step 2:
    3. Go back to Access Policy => Access Profiles => find the profile you just updated and now select Edit under Access Policy:
    4. This will open a new window with the Access Policy that I already had created. I added SSO Credentials Mapping(under the Assignment tab) to the Access Policy:
    5. In the SSO Credentials Mapping window I made two changes. I updated the SSO Token Username field to use "Username from Logon Page" and I updated SSO Token Password field to use "Password from Logon Page":

    After creating the HTTP Basic SSO configuration and then updating the Access Profile and the Access Policy for the profile I now have SSO working. External users are now able to use the portal and only authenticate once.

     

3 Replies

  • Thanks MrPlastic!! Those directions got me headed in the right direction. I'm going to add a little to this to hopefully help others that are having a similar issue:

     

    I used the HTTP Basic SSO setup for my use. Basically we have external users who use the portal to authenticate to an internal server. Before configuring HTTP Basic SSO I wold be challenged to re-auth by the server after already authenticating in the F5 portal.

     

    1. The first step I did to get HTTP Basic SSO working was to create the HTTP Basic SSO configuration as stated in the link above. Go to Access Policy => SSO Configuration => HTTP Basic and hit the + button to create a new HTTP Basic SSO config:
    2. The only field I changed was the Name field. I entered portal.acme.com_sso. Everything else was left at the default settings:

    This is where the instructions drop off. You must now add this to an Access Profile and then add SSO Credentials Mapping to the Access Policy.

     

    1. Open the Access Profile you already have created. Go to Access Policy => Access Profiles => Select the profile you want to update with the HTTP Basic SSO Config:
    2. A new window will open. Go to SSO / Auth Domains tab and then update SSO Configuration field with the HTTP Basic SSO Config you created in step 2:
    3. Go back to Access Policy => Access Profiles => find the profile you just updated and now select Edit under Access Policy:
    4. This will open a new window with the Access Policy that I already had created. I added SSO Credentials Mapping(under the Assignment tab) to the Access Policy:
    5. In the SSO Credentials Mapping window I made two changes. I updated the SSO Token Username field to use "Username from Logon Page" and I updated SSO Token Password field to use "Password from Logon Page":

    After creating the HTTP Basic SSO configuration and then updating the Access Profile and the Access Policy for the profile I now have SSO working. External users are now able to use the portal and only authenticate once.