Forum Discussion
NimbostratusAD Authentication For a VS in LTM
I have a VS configured which do not have any authentication mechanism configured at the moment. I want to configure in such a way that user hitting the VS gets a Login prompt ( which is to be configured on LTM) and after login, the user gets the access to VS and its content . Also that the header passes the User ID info along.
I want to configure the above scenario. Kindy confirm if this can be done and how. I have been following many links of F5 to configure, but failed to do so since.
4 Replies
Stanislas_Piro2Cumulonimbus
Hi,
To authenticate AD users, you must provision APM (additional license) and configure it.
Stanislas
- Stanislas_Piro2
When a user hit a VS, APM :
- check if user is already authenticated (presence of cookie).
- redirect to Authentication page ( uri /my.policy)
- validate authentication in multiple Database (AD, LDAP, RADIUS, TACACS, HTTP Server, ...)
- enable SSO (Basic, NTLM, Kerberos, ...)
Then, in LTM, you can redirect user to home page with irule or Local traffic policy
For more details on setting userID in HTTP header and sending user to landing page check out this solution: https://devcentral.f5.com/codeshare/insert-header-for-apm-policy.
- Stanislas_Piro2
The following irule allow you to redirect to home page and insert username as HTTP Header:
when ACCESS_ACL_ALLOWED { if { [HTTP::uri] eq "/" } { ACCESS::respond 302 noserver Location "/homepage/" return } elseif {![info exists APMusername]} { set APMusername [ACCESS::session data get session.logon.last.username] } HTTP::header insert "USER" APMusername }
