Forum Discussion

1 Reply

  • Lucas_Thompson_
    Historic F5 Account

    I'm assuming you are talking about AAA (frontend user auth, not SSO).

    APM has two functions geared toward AD: AD Auth and AD Query. AD Auth uses the end user's credentials collected from a logon page and put into session.logon.last.username and session.logon.last.password, then transmits those via Kerberos to the specified AD server.

    AD Query uses Kerberos to authenticate to an LDAP service on AD to issue queries. The creds from the AAA AD Server definition will be used. If it's empty, then the user's creds will be used.

    I think this is covered pretty well in the manual, but you may want to review the APM Operations Guide which has a technical overview. If you feel like the information there is incomplete or confusing, please let us know and we'll update it as required:

    https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/f5-apm-operations-guide.html