Forum Discussion
CirrostratusAPM and certificate based AD authentication
In other words: APM doesn't have the user's password. The normal solutions to this are:
- Use Kerberos SSO with a delegation account. This is easy an long as your web server is IIS.
- Use SAML.
Sometimes people come up with other solutions. Because APM has access to irules, you can basically implement anything that is technically possible, with the important exception of passing the client's certificate through to the backend app. We don't support doing that.
I'd recommend consulting your app vendor to get their preferred SSO delegation technique.
In other words: APM doesn't have the user's password. The normal solutions to this are:
- Use Kerberos SSO with a delegation account. This is easy an long as your web server is IIS.
- Use SAML.
Sometimes people come up with other solutions. Because APM has access to irules, you can basically implement anything that is technically possible, with the important exception of passing the client's certificate through to the backend app. We don't support doing that.
I'd recommend consulting your app vendor to get their preferred SSO delegation technique.
Michael_Koyfma1Cirrus
A third option would be to amend application to trust the user identity being passed to it via HTTP header and restrict traffic to application to only come from APM - that way you can adapt an application to SSO behavior.
