Forum Discussion

Altostratus

Feb 23, 2021

APM Ldap Query and SSO

Hello, For authentication, the user use his email address, but after logging we use a SSO mapping to connect to backend server. The backend server doesn't allow the authentication with email address...

application delivery

BIG-IP Access Policy Manager (APM)

boneyard

MVP

Feb 27, 2021

i do believe your AD query filter would be

(UserPrincipalName=%{session.logon.last.username})

as the UserPrincipalName is what is available, assuming UserPrincipalName is the same as the email address, else you need to search on the email address. lookup the attribute name in AD for that.

before that you have to assign the UserPrincipalName to the session.logon.last.username from the returned SAML attribute. which you can lookup in your APM sessions. it probably is: session.saml.last.identity

what is your IdP? is that Azure AD, it can also return the sAMAccountName.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

APM Ldap Query and SSO

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

F5 Academies Are Back – And We’re Coming to a City Near You

Recent Discussions

In F5 APM, how to include multiple DNS suffix?

Issue while migrating config from 4000s to r4600

Username is not filled in EdgeClient in the Modern customization

Cert Bundle Manager

Question regarding F5 Viprion Configuration Migration to VE.

Related Content

LDAP Auth, LDAP Query with UPN fails

APM Cookbook: Modify LDAP Attribute Values using iRulesLX

Configuring LDAP Auth and Query APM

LDAP Proxy

iRuleLX Solution for OAUTH JWT authenticated Salesforce Query

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS