Forum Discussion
NimbostratusAPM: using RSA in combo with AD auth
Hello All,
I am setting up just a basic portal access to our intranet site. I have gotten SSO and AD auth to work as far as accessing via APM but I am lost as to how to integrate RSA on the main sign on screen. Has someone had luck getting this to work? I am just not seeing how I can pull those variables from the RSA profile that I have setup.
I realize this question is very general so any help is much appreciated!
4 Replies
- Kevin_Stewart
Employee
Both the AD auth and RSA SecurID agents in the APM visual policy expects the session.logon.last.password session variable. If you intend to use both, you must first assign the RSA (or whichever one is second in the auth process) to a temporary variable, process the first auth agent, then re-populate the session.logon.last.password variable with the other value.
travis99_94012Cirrus
You could have a second login page after your AD auth, or look at figure 6 on page 49 here: https://devcentral.f5.com/wiki/GetFile.aspx?Page=iApp.Citrix-VDI-v1-1-0&File=iapp-xenapp-xendesktop-dg-RC-3a.pdf
Page 50 18 actually has the instructions.
It may be for Citrix but the principle is the same. Basically you would have an extra password field on your login page.
- Kevin_Stewart
Basically you would have an extra password field on your login page
Correct. You could either use a second password field on the logon form, or if this is for mobile users using the Edge client software, you could have the user enter the password and RSA value in the same field with some delimiter, then separate them and stage each for auth processing (by setting session.logon.last.password).
TomNSCPO8_12229Thanks guys! I will give this a shot. I was just a bit confused as to that login page and which variable it was expecting. Looks like I can give it a go from here and I really appriciate the input!
