Forum Discussion

Wendell_Moine_3's avatar
Wendell_Moine_3
Icon for Nimbostratus rankNimbostratus
Oct 31, 2017

Automatically authenticate users to Intranet sites

I am trying to get our access policy configured so that once a user is logged in and clicks a web application link to our Intranet sites; the user doesn't have to enter their domain account again. Ri...
application delivery
BIG-IP Access Policy Manager (APM)
Stanislas_Piro2's avatar
Stanislas_Piro2
Icon for Cumulonimbus rankCumulonimbus
Oct 31, 2017

Hi,

 

APM works with session variable to evaluate policy.

 

  • SSO requires following variables :
    • session.sso.token.last.username
    • session.sso.token.last.password
    • session.logon.last.domain (for NTLM SSO)

Logon page create following variables - session.logon.last.username - session.logon.last.password - session.logon.last.domain (when split domain from username is enabled)

 

SSO credential mapping allow to create expected SSO variables. You must set it AFTER logon page to reuse logon page variables values. It is recommended to set it after AD auth and AD query boxes.

 

if the SSO method used is NTLM, you must have session.logon.last.domain set with NETBIOS name

 

if the SSO method used is KERBEROS, you must have session.logon.last.domain set with FQDN domain name