Forum Discussion
Application on Apple iOS that uses NTLM Authentication against AD to access Backend Internal Server
I have an Apple iOS app that needs to access an internal resource server. The iOS app uses AD credentials that are passed to a server that runs IIS via NTLM. I have configured a VIP in NTLM and created an SSO NTLM profile. I can see that the iOS app is successfully authenticating with AD when I hit the NTLM VIP; however, the piece I do not have functioning yet is having those credentials passed to the backend resource server that has been assigned to the VIP as a pool server. My access policy is the following: Start - HTTP 401 Response - AD Auth - SSO Credential Mapping - Allow
Inside the SSO Credential Mapping SSO Token Username I have selected "sAMAccountName from ActiveDirectory" with the following variable: mcget {session.ad.last.attr.sAMAccountName} and for the SSO Token Password: mcget {session.logon.last.password}
Is this correct? If so, is the variable for SSO Token Password correct in the SSO Credential Mapping?
2 Replies
- dnorthrip_22776
Nimbostratus
Corrections: Configured a VIP in LTM
I can see that the IOS App is successfully authenticating with AD when I hit the LTM VIP
- Stanislas_Piro2
Cumulonimbus
Hi,
During NTLM auth, the client never sends the password but answers a challenge to confirm the password is right.
In APM, the NTLM challenge is between the client and AD. F5 only receives the authentication status.
So APM never gets the password and session.logon.last.password is not set (or blank, never watched).
With NTLM auth, the only SSO method available is Kerberos.
Stanislas
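The challenge-response described in the reply above, as an added example that is not part of the original posts: it computes an NTLMv2-style proof and shows what a proxy in the path can record. The user, domain, password and challenge values are constructed, and the client blob is reduced to an 8-byte nonce (a real NTLMv2 blob also carries a timestamp and target info).

```python
import hmac
import struct

R3 = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)  # MD4 round-3 word order

def md4(msg: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320); hashlib often lacks it on OpenSSL 3 builds."""
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    msg = msg + b"\x80" + b"\x00" * ((55 - len(msg)) % 64) + struct.pack("<Q", len(msg) * 8)
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = h
        for i in range(48):
            j = i % 16
            if i < 16:
                f, k, s = (b & c) | (~b & d), j, (3, 7, 11, 19)[j % 4]
            elif i < 32:
                f, k, s = ((b & c) | (b & d) | (c & d)) + 0x5A827999, 4 * (j % 4) + j // 4, (3, 5, 9, 13)[j % 4]
            else:
                f, k, s = (b ^ c ^ d) + 0x6ED9EBA1, R3[j], (3, 9, 11, 15)[j % 4]
            t = (a + f + x[k]) & 0xFFFFFFFF
            a, b, c, d = d, ((t << s) | (t >> (32 - s))) & 0xFFFFFFFF, b, c
        h = [(v + w) & 0xFFFFFFFF for v, w in zip(h, (a, b, c, d))]
    return struct.pack("<4I", *h)

def nt_hash(password: str) -> bytes:
    return md4(password.encode("utf-16-le"))  # what the DC stores per account

def nt_proof(nthash: bytes, user: str, domain: str, challenge: bytes, blob: bytes) -> bytes:
    # NTLMv2 key = HMAC-MD5(NT hash, UPPER(user) + domain); proof = HMAC-MD5(key, challenge + blob)
    v2 = hmac.new(nthash, (user.upper() + domain).encode("utf-16-le"), "md5").digest()
    return hmac.new(v2, challenge + blob, "md5").digest()

def run_exchange(password: str, user: str = "jdoe", domain: str = "CORP"):
    dc_stored = nt_hash(password)                    # DC side: hash only
    challenge = bytes.fromhex("0123456789abcdef")    # constructed server challenge
    blob = bytes.fromhex("a1a2a3a4a5a6a7a8")         # constructed client nonce
    response = nt_proof(nt_hash(password), user, domain, challenge, blob)  # client side
    # Everything a proxy between client and DC can record: no password field exists.
    seen_by_proxy = {"user": user, "domain": domain, "challenge": challenge,
                     "blob": blob, "response": response}
    auth_ok = hmac.compare_digest(response, nt_proof(dc_stored, user, domain, challenge, blob))
    # A backend issues its own challenge, so the recorded response does not verify there.
    backend_challenge = bytes.fromhex("fedcba9876543210")
    replay_ok = hmac.compare_digest(response, nt_proof(dc_stored, user, domain, backend_challenge, blob))
    return seen_by_proxy, auth_ok, replay_ok
```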