Forum Discussion
NimbostratusAPM Kerberos and SAML
In few week, we have web application to install. Some client are XP and other Seven as described under. The client with seven are installed and attach to a domain Active directory (token kerberos). I would configure the APM to catch the token kerberos, create a saml token with the identidy and other attribute, post this saml assertion to my web application (alfresco, ibm connexion, ibm notes) The client XP are using a web portal hosted by APM. This web portal connect to LDAP for authentication (active directory). APM create a saml token with the identidy,post this saml assertion to my web application (alfresco, ibm connexion, ibm notes).
It is a good design ? And where it's wrong ?
Thanks.
3 Replies
Based on what you described, this actually sounds like a fairly decent setup.
You would be able to fine tune the policy for each to suit the target operating system. I'd suggest using a Client OS check to try and determine whether a client needs to supply Kerberos credentials (this can be configured to fall back to basic authentication) when running Win7, or go straight to a logon page. You could send Mac and mobile clients to the logon page as well using the conditionals on the branch.
test_jampes_144Great. In this case, the applications are configure to support kerberos credentials or it is not necessary ? The APM relay, convert in the protocol configure in the application. In other word, a convertion kerberos credential/saml by APM will be good if is possible
Apps protected by this APM instance could be using kerberos, but as you said, they are using SAML. The protocols in use on each side of the f5 do not have to be the same.
