Forum Discussion
Design for APM SSO for external web sites without SAML
Thanks for the feedback.
You could do this in a few ways:
- Static Host mapping
- Real-time RESOLV::lookup (and cache responses)
- Out-of-band process to periodically poll and update a local static entry
I'll look into these options.
I'm curious about this. The term "cross domain" is generally inclusive of auth protocols like Kerberos, which is something you couldn't do with remote cloud-based services. I'd venture that your options are probably limited to user/pass in some HTTP-based auth method like Form, Basic, or NTLM. In either case, there are SSO profiles for each.
Cross domain SSO in F5 APM terminology is being able to sign into multiple URLs using a single authentication to the APM.
This is even more curious. The SSO itself is going to look for some pattern (a form page, a specific URL, form parameters, some combination of these) to trigger posting credentials. That should be an issue. But the logic for sending the customer number could be a bit more complex. Is there a form that's returned from the remote server for the user to enter the customer number? Is it possible to include the customer number in a query string?
Pretty sure it's a form. Not sure exactly how it works but I'll do some further digging. Can the APM do the following?
- User signs into F5 APM page
- User is forwarded to the page/form to enter their customer ID, which they manually do
- After this, the logon page is presented and APM automatically fills in the username and password to log the user in
The order here is important, as the SSO only needs to happen after the customer ID is successfully entered.
Thanks