Forum Discussion

mulhollandm_648
Sep 09, 2013

APM and LTM 1600 for user authentication?

folks

i have a query i hope you can help with

i have an ltm 1600 cluster load balancing internet access in front of a number of proxy servers

the ltm 1600 is on my corporate lan

the proxies are in a dmz

normally the proxies would manage authentication but i'm replacing them and i now want to move the authentication process back to the corporate lan (i'm not happy with a dmz proxy querying an internal ad server)

will the apm module allow me to authenticate browser requests against active directory?

thanks to anyone taking the time to respond

3 Replies

  • JG

    You need to be aware of this if you are (going) on v11.3.0:

    http://support.f5.com/kb/en-us/solutions/public/14000/400/sol14422.html

  • Lucas_Thompson_
    Historic F5 Account

    APM isn't really designed to be used for non-transparent forward proxy connections like this.

    It would be possible with a medium complexity irule to create the session and do HTTP authentication, then AD authentication based on that, but it would be a fair amount of work and be difficult to support.

    APM is generally designed to:

    1- VPN
    2- Reverse Proxy
    3- Selective Client -> Backend TCP port forwarding (like a mini-vpn)
    4- activesync / citrix / vmware proxy
    5- bolt-on authentication in front of an existing standard web service

    • mulhollandm_648
      thanks for your input. i've spoken to f5 and they tell me i can authenticate users ok with the apm. i now need to think about how to populate proxy rules using ad - another complication