Forum Discussion

alex100's avatar
alex100
Icon for Cirrostratus rankCirrostratus
Aug 13, 2025

APM SSO Between NTLM and Forms Based

HI All,  I’ve been struggling to get this working and could use some insight. Here’s my setup: I have three applications under the same mycompany.com domain, each with its own virtual server and acc...
BIG-IP Access Policy Manager (APM)
Injeyan_Kostas's avatar
Injeyan_Kostas
Icon for Nacreous rankNacreous
Aug 14, 2025

Hello Alex,

So the redirect from App3 to App1 if there is no Apm session is happening from Apm policy or from the server?

If there is no login form in App3 APM policy how does it gets the credentials to construct the sso?

Is there a federation between App1 and App3 APM policies?

I believe that one single Apm policy with multidomain sso for both App1 and App 3 might fit better in your case.

alex100's avatar
alex100
Icon for Cirrostratus rankCirrostratus
Aug 19, 2025

Redirect from APP3 to APP1 is facilitated by an iRule attached to APP3 VIP that checks for existing APM session. If no active session is found, redirect to APP1 virtual takes place. APP3 is using "SSO" type access policy profile.  This type of profile does not have any front end elements but instead, it gets access to existing APM session and is able to pass existing APM session variables to another application. Also to mention, SSO between access policies is done using single authentication domain "mycompany.com". 

  • Injeyan_Kostas's avatar
    Injeyan_Kostas
    Icon for Nacreous rankNacreous
    Aug 20, 2025

    Thanx for the info alex100​ 

    Never use SSO profile type before.

    So if understand correct this type of policy needs an irule to work. But from which policy it gets variable from? Any active session? Is this also defined through irule?

    Is there any documentation for this type?