Forum Discussion
Design for APM SSO for external web sites without SAML
Set up DNS on internal network to resolve the hostnames for the external cloud apps to internal LTM VIPs.
You could do this in a few ways:
- Static Host mapping
- Real-time RESOLV::lookup (and cache responses)
- Out-of-band process to periodically poll and update a local static entry
Configure LTM for each VIP to forward to the actual public web application hostname (via an iRule to resolve and cache the IP addresses of the web app).
See above.
Insert APM authentication for each VIP with cross domain SSO to pass through corporate credentials to cloud based apps (I assume here there is authentication synchronization between the web app and the APM source).
I'm curious about this. The term "cross domain" is generally inclusive of auth protocols like Kerberos, which is something you couldn't do with remote cloud-based services. I'd venture that your options are probably limited to user/pass in some HTTP-based auth method like Form, Basic, or NTLM. In either case, there are SSO profiles for each.
Some of the web apps require a customer number to be submitted before the login page is displayed. I'm guessing I may need an iRule to get past this page before I can pass the user's credentials via SSO?
This is even more curious. The SSO itself is going to look for some pattern (a form page, a specific URL, form parameters, some combination of these) to trigger posting credentials. That should be an issue. But the logic for sending the customer number could be a bit more complex. Is there a form that's returned from the remote server for the user to enter the customer number? Is it possible to include the customer number in a query string? However it actually works, you could potentially:
- Create two SSO profiles and use iRule logic to switch between them based on some event (i.e. a specific response perhaps)
- Use an SSO profile for the user/pass stuff and use an iRule to manually post the customer number.
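
The "resolve and cache" iRule discussed in this thread could look like the following sketch. It is an added example, not code from any of the posts. The hostname, resolver address and TTL are placeholder assumptions, and it assumes a BIG-IP version where RESOLV::lookup is available.

```tcl
when RULE_INIT {
    # Assumed placeholders: adjust for the environment.
    set static::app_host  "app.example.com"  ;# public hostname of the cloud app
    set static::resolver  "192.0.2.53"       ;# DNS server the BIG-IP may query
    set static::cache_ttl 300                ;# seconds to keep a resolved address
}

when CLIENT_ACCEPTED {
    # The cache key is built from the static hostname, never from
    # client-supplied data (such as the Host header), so a request
    # cannot steer the lookup or overwrite the cached entry.
    set key "dnscache:$static::app_host"
    set ip [table lookup -notouch $key]

    if { $ip eq "" } {
        # Cache miss: resolve an A record and keep the first address returned.
        set ip [lindex [RESOLV::lookup @$static::resolver -a $static::app_host] 0]
        if { $ip ne "" } {
            # Timeout and lifetime are both set so the entry always expires
            # and the name is re-resolved after cache_ttl seconds.
            table set $key $ip $static::cache_ttl $static::cache_ttl
        }
    }

    if { $ip eq "" } {
        # Fail closed: without a resolved address nothing is forwarded.
        log local0.warn "No address for $static::app_host, rejecting [IP::client_addr]"
        reject
        return
    }

    # Forward this connection to the resolved address on HTTPS.
    node $ip 443
}
```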