APM SAML IdP with Kerberos authentication
I would like to use APM Lite to serve as a SAML IdP with Kerberos authentication. The idea is to allow users already logged in to the Windows domain to not get prompted when an external SP is redirected to our internal IdP. We are using VIPRION with LTM v11.5.4HF1 (with APM limited mode). We are using APM Lite because the 10 concurrent user limit is more than enough to satisfy the requirements. I would like to ask if there are detailed guides to accomplish this. I have read through the APM guides but they cover common deployments. At the moment, we are stuck at v11.5.4 and cannot upgrade to v12.1. Any help or guidance is appreciated.
Eugene K.
3 Replies
- PSilva
Ret. Employee
Was one of the guides you mention the APM Auth & SSO manual for 11.5?
Chapter 28: Using APM as a SAML IdP
- eugeneK_pdx
Nimbostratus
Yes, I read chapter 28. Steps 4-11 and the sample access policy image are generic and do not fit exactly what I want. I am still learning APM, and bridging the knowledge gap to connect the IdP and Access Policy with Kerberos is what I am missing. The details are what I need help on.
Thanks. EugeneK
You are right, the information is somewhat generic, but I doubt you will find a document connecting it all for you.
To connect a BIG-IP as IdP (without SSO portal) to an access policy, you set it as the SSO method.
To connect Kerberos as authentication, you just add the Kerberos Auth in the access policy instead of the logon page.
As for doing Kerberos as an authentication (not SSO) method, see this info: https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-single-sign-on-11-6-0/9.html