Forum Discussion

soymanue's avatar
soymanue
Icon for Nimbostratus rankNimbostratus
Oct 29, 2012

Access Policy Manager OnDemand Certificate Authentication

Can the APM authenticate with a certificate without providing the user password?

 

We have Widows AD and Windows CA. We want to distribute a profile to iOS devices. It is possible to configure remotely the username and to send the certificate. But we can't send the password.

 

So, we would like to check against the Internal CA that the certificate corresponds to a user. But we don't want to ask for the AD user's password.

 

Is it possible?

 

 

BIG-IP Access Policy Manager (APM)
remote access
security

1 Reply

  • Michael_Koyfma1's avatar
    Michael_Koyfma1
    Icon for Cirrus rankCirrus
    Oct 31, 2012
    Yes, of course. You can configure APM to do OnDemand client cert, it will require a user to present a cert. Then you run OCSP check against your internal CA, and if it passes, allow the session to proceed.