For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Icon for Nimbostratus rank

Nimbostratus

Dec 13, 2016

Solved

F5 APM retrieve AD groups and resend using HTTP POST parameter

Dear all, I am looking at a particular situation where an internal web server needs to know what kind of AD membership groups are assigned to a user that tries to login. The authentication only ...

ad authentication

application delivery

BIG-IP Access Policy Manager (APM)

Lucas_Thompson_
Dec 13, 2016
Yes this is fairly simple. Use LTM+APM mode, and AD Query / AD Auth in your Access Policy. Set the "start uri" parameter to your backend app's URI, and use forms-based SSO (server-initiated) to fill in the resultant session variables from your AD Query into your form parameter. The groups will be in the form of a pipe-delimited list of the group DNs that came back from the query.

Historic F5 Account

Dec 13, 2016

Hi Marvin,

Is this to say the first request to the backend server must be a POST, and that POST must contain AD group membership?

Dan

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

F5 Architecture Track Sessions - AppWorld 2026

DevCentral News

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5