Forum Discussion
APM - translating group SIDs extracted from Kerberos token
- Mar 09, 2022
Should anyone need solution - it appears to be quite simple: there is bult-in agent "AD Group SID Resolver", I am pretty sure it wasn't there a few BIG-IP versions before... or maybe I simply didn't pay enough attention...
Anyway - once you have configured Kerberos Auth agent and set Extract Group SIDs as "enabled", you should add AD Group SID Resolver agent - it will translate Group SIDs into Group Names and store it in session.ad.last.attr.memberOf variable. Then it is easy to inject them into HTTP headers via iRule.
Should anyone need solution - it appears to be quite simple: there is bult-in agent "AD Group SID Resolver", I am pretty sure it wasn't there a few BIG-IP versions before... or maybe I simply didn't pay enough attention...
Anyway - once you have configured Kerberos Auth agent and set Extract Group SIDs as "enabled", you should add AD Group SID Resolver agent - it will translate Group SIDs into Group Names and store it in session.ad.last.attr.memberOf variable. Then it is easy to inject them into HTTP headers via iRule.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com