Forum Discussion
Automatically authenticate users to Intranet sites
I am trying to get our access policy configured so that once a user is logged in and clicks a web application link to our Intranet sites, the user doesn't have to enter their domain account again. Right now, the browser pops up a login box if a user accesses the webtop from a non-domain-joined machine. We have this working in our Firepass that APM is supposed to replace. I have an SSO credential mapping action set before the logon page in our access policy.
- Stanislas_Piro2
Cumulonimbus
Hi,
APM works with session variables to evaluate policy.
SSO requires the following variables:
- session.sso.token.last.username
- session.sso.token.last.password
- session.logon.last.domain (for NTLM SSO)
The logon page creates the following variables:
- session.logon.last.username
- session.logon.last.password
- session.logon.last.domain (when split domain from username is enabled)
SSO credential mapping allows you to create the expected SSO variables. You must set it AFTER the logon page to reuse the logon page variable values. It is recommended to set it after the AD auth and AD query boxes.
If the SSO method used is NTLM, you must have session.logon.last.domain set with the NETBIOS name.
If the SSO method used is KERBEROS, you must have session.logon.last.domain set with the FQDN domain name.
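An added example, not part of the reply above and not F5 code: a Python check of the two conditions the reply describes, the position of the SSO credential mapping relative to the logon page and the shape of `session.logon.last.domain` for the chosen SSO method. The action labels, the sample values and the NetBIOS/FQDN shape tests are assumptions of this example.

```python
import re

SSO_USER = "session.sso.token.last.username"
SSO_PASS = "session.sso.token.last.password"
DOMAIN = "session.logon.last.domain"

# Shape heuristics (assumptions of this example, not F5 rules):
# NetBIOS domain = 1-15 chars with no dot; FQDN = two or more DNS labels.
NETBIOS_RE = re.compile(r"^[^.\\/:*?\"<>|\s]{1,15}$")
FQDN_RE = re.compile(
    r"^(?=.{1,253}$)([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$")


def check_order(actions):
    """Flag an SSO credential mapping that runs before the logon page."""
    if "SSO Credential Mapping" not in actions:
        return ["no SSO Credential Mapping action in this policy branch"]
    sso_at = actions.index("SSO Credential Mapping")
    if "Logon Page" not in actions[:sso_at]:
        return ["SSO Credential Mapping runs before Logon Page: "
                "session.logon.last.* is not set yet when it is copied"]
    return []


def check_sso_vars(session, method):
    """Return findings for one session; the password value is never echoed."""
    findings = [f"{name} is missing or empty"
                for name in (SSO_USER, SSO_PASS) if not session.get(name)]
    domain = session.get(DOMAIN, "")
    if method == "ntlm" and not NETBIOS_RE.match(domain):
        findings.append(f"{DOMAIN}={domain!r} is not a NetBIOS name (NTLM SSO)")
    if method == "kerberos" and not FQDN_RE.match(domain):
        findings.append(f"{DOMAIN}={domain!r} is not an FQDN (Kerberos SSO)")
    return findings


# Constructed sample data: the ordering from the question, then a corrected one.
asked = ["SSO Credential Mapping", "Logon Page", "AD Auth"]
fixed = ["Logon Page", "AD Auth", "AD Query", "SSO Credential Mapping"]
session = {SSO_USER: "jdoe", SSO_PASS: "placeholder", DOMAIN: "corp.example.com"}

if __name__ == "__main__":
    for label, result in [("asked order", check_order(asked)),
                          ("fixed order", check_order(fixed)),
                          ("ntlm vars", check_sso_vars(session, "ntlm")),
                          ("kerberos vars", check_sso_vars(session, "kerberos"))]:
        print(label, "->", result or "ok")
```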