AD Group Members from multiple trusted domains

hey

i have a setup that i have couple of domains (different forests ex: lab1.local, lab2.labs) that have trust between them. one domain has the groups that controls the resources i publish on the APM. those groups have users from the multiple domain. currently i have configured the APM as follow 1) configured trusted domains with the root to be the domain that have the groups 2) logon page to split domain from user 3) AD Auth: use cross domain, and chosen the trusted domain object 4) adquery: use cross domain, and chosen the trusted domain object

after the adquery i have put in a logging agent to log session.* and the memberOf of the user shows only the group the user is member of from it's local domain. the adquery does not map the user the groups it is member of from my "main" domain that the APM monitors the groups

any ideas ? i am moving this customer from citrix to APM and his citrix setup do allow this kind of functionality

thanks

application delivery

BIG-IP Access Policy Manager (APM)

security

Forum Discussion

AD Group Members from multiple trusted domains

Recent Discussions

F5 BIG-IP

BIG-IP Oauth Client and AS

How to Renew F5 Device Certificate

Use of SSL Decryption.

Big IP DNS Failover

Related Content

Pool Members with multiple ports

Trust your CDN, but not completely

Exploring the Zero Trust Models of AWS, Microsoft, and Google

Overview of Trusted Client IP Headers in F5 Distributed Cloud Platform

Zero Trust Access with F5 Identity Aware Proxy and Crowdstrike Falcon

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS