Check credentials of a Windows App and AD membership in APM?

Question

Hi, We have a situation with an old windows app(not a browser) that has connections to backend systems published in our LTM/F5, is it possible (maybe by apm) to check if the logged in user (starting the app) is a member of a specific AD group,( maybe by Client NTLM auth?) it must be a seamless connection of course grabbing the credentials?

kin · Answer

Yes, you can use the BIG-IP APM access policy to design your authentication and authorization flow, in this case, AD/LDAP Auth + AD/LDAP query for a specific AD Group. These will be helpful:Article: K16306 - AD and LDAP Group Resource Assign feature (f5.com)Article: K12193 - Configuring nested groups in Active Directory for authentication, query, and resource assignment (f5.com)Article: K15008 - Implementing a unique Microsoft Active Directory user account for AAA in the BIG-IP APM system (f5.com)

Forum Discussion

Check credentials of a Windows App and AD membership in APM?

Recent Discussions

Help needed with iRule (connection closed log )

AS3 Limitations

Use of SSL Decryption.

VLAN Failsafe Functionality

FTP PASV mode to Extended Passive mode

Related Content

OWASP Automated Threats - Credential Stuffing (OAT-008)

Leaked Credential Check with Advanced WAF

Creating a Credential in F5 Distributed Cloud for Azure

F5 BIG-IP Access Policy Manager (APM) Machine Tunnels for Windows

Windows Critical RCE Vulnerability, Malicious Solana-py, and EDRKillShifter

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS