Forum Discussion
NimbostratusAPM with Okta leveraging SAML for SSO
Anyone know if it is possible to configure Okta -> APM (w/SAML SSO), to send user authentication as Windows Security context either using iRule or VPE (Visual Policy Editor) in F5?
F5's Cody Green has a series of videos covering F5 APM and Okta Integration.
 
You can find the videos here: https://www.youtube.com/watch?v=fX-qCWAIAmE&index=3&list=PLAVmgu9Rja5Cyu7KhQ3CUJFNOI5Tr-Wk2
 
Hope that helps
 
ps
 
Hi Joshua,
I've never played with Windows Web Services but it is a safe bet you can't create the security context natively on the BIG-IP since it is not a Windows OS nor does it have native support for Windows Web Services.
However, The BIG-IP does have the ability to create a Kerberos Ticket from the Active Directory the Windows Web Service is bound to. So you could have the BIG-IP pass the ticket to a helper function, you write on your Windows Web Service, that then generates the needed Windows Security Context natively.
On a side note, why not use OAuth instead of the Windows Security Context?
The-messenger_1Are there examples or docs for using OAuth with Okta?
Yes, Okta is supported as an OAuth resource server in 13.1: https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-sso-13-1-0/37.html
Harry1Hi Cody,
can we have any document where no thirdparty 2FA is involved and F5 can do this ? need some flow and per-requisites on this if possible?
This document outlines how to do it with an iRule: https://f5.com/Portals/1/PDF/security/f5-okta-for-web-access-management-recommended-practices.pdf
But I prefer to use the APM per-request policy engine which I outline in this video: https://www.youtube.com/watch?v=fX-qCWAIAmE&feature=youtu.be
