Forum Discussion
NimbostratusAPM with Okta leveraging SAML for SSO
Hi Joshua,
I've never played with Windows Web Services but it is a safe bet you can't create the security context natively on the BIG-IP since it is not a Windows OS nor does it have native support for Windows Web Services.
However, The BIG-IP does have the ability to create a Kerberos Ticket from the Active Directory the Windows Web Service is bound to. So you could have the BIG-IP pass the ticket to a helper function, you write on your Windows Web Service, that then generates the needed Windows Security Context natively.
On a side note, why not use OAuth instead of the Windows Security Context?
The-messenger_1Are there examples or docs for using OAuth with Okta?
Yes, Okta is supported as an OAuth resource server in 13.1: https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-sso-13-1-0/37.html
Harry1Hi Cody,
can we have any document where no thirdparty 2FA is involved and F5 can do this ? need some flow and per-requisites on this if possible?
Cody_GreenEmployee
Harry, I'm not quite sure I understand the question. Are you asking if F5 can do push MFA without 3rd party integration?
- Harry1
yes. exactly.
- Cody_Green
No, F5 does not currently support push MFA capabilities natively. Please contact your F5 Sales Team or email me separately for additional information - my email address is in my profile.
- The-messenger_1
I'm still on v12. I've watched your video "F5 APM and Okta Password Based SSO" and configured a demo.
Are there docs that dig into the header auth or Kerberos, with Okta?
- Cody_Green
That should be covered in the joint Okta/F5 deployment guide
- The-messenger_1
The Okta deployment guide mentions Kerberos and header auth (this is shown in a diagram) but the actual config is just saml. It's also a little out of date.
Can you point me to generic APM info on header auth in an access policy?
