Forum Discussion

Wire's avatar
Wire
Mar 27, 2013

Static username and password on APM

How do you set a static username and password for use with an SSO confiuration on APM?

 

I am assigning a portal resource with minimum patching directly to an LTM VS with a pool and want to use form based sso to a CMS we are running.

 

This is so a user can simply type in the URL and not need any credentials of their own (ie get authenticated using the SSO config with the static username and password).

 

Thanks.

 

config
design

1 Reply

Sort By
  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Mar 27, 2013
    Currently your best option is either a data group listing of credentials, encrypted if necessary, or an external lookup (query). The question then comes down to the management of each. If the CMS product requires a unique credential for each user, and you don't mind managing those credentials ON the BIG-IP, then a data group may be sufficient. Otherwise you can store the CMS credentials in account attributes in some local directory service (also potentially encrypted).

     

     

    If, however, you're talking about how technically to achieve SSO with static username and password variables, in the access policy simply set the required session variables that the SSO profile will consume. For form, Basic, and NTLM SSO, the default session variables are session.sso.token.last.username and session.sso.token.last.password. These SSO profiles also require the password to be in encrypted form, so you'll need to set the "secure" option in your variable assignment.