Forum Discussion

Marvin_129795's avatar
Marvin_129795
Icon for Nimbostratus rankNimbostratus
Dec 13, 2016

F5 APM retrieve AD groups and resend using HTTP POST parameter

Dear all,   I am looking at a particular situation where an internal web server needs to know what kind of AD membership groups are assigned to a user that tries to login. The authentication only ...
ad
ad authentication
application delivery
BIG-IP Access Policy Manager (APM)
parameter
post
security
  • Lucas_Thompson_'s avatar
    Lucas_Thompson_
    Dec 13, 2016

    Yes this is fairly simple. Use LTM+APM mode, and AD Query / AD Auth in your Access Policy. Set the "start uri" parameter to your backend app's URI, and use forms-based SSO (server-initiated) to fill in the resultant session variables from your AD Query into your form parameter. The groups will be in the form of a pipe-delimited list of the group DNs that came back from the query.

     

Dan_73594's avatar
Dan_73594
Historic F5 Account
Dec 13, 2016

Hi Marvin,

 

Is this to say the first request to the backend server must be a POST, and that POST must contain AD group membership?

 

Dan