Forum Discussion

Marvin_129795's avatar
Marvin_129795
Icon for Nimbostratus rankNimbostratus
Dec 13, 2016

F5 APM retrieve AD groups and resend using HTTP POST parameter

Dear all,   I am looking at a particular situation where an internal web server needs to know what kind of AD membership groups are assigned to a user that tries to login. The authentication only ...
ad
ad authentication
application delivery
BIG-IP Access Policy Manager (APM)
parameter
post
security
  • Lucas_Thompson_'s avatar
    Lucas_Thompson_
    Dec 13, 2016

    Yes this is fairly simple. Use LTM+APM mode, and AD Query / AD Auth in your Access Policy. Set the "start uri" parameter to your backend app's URI, and use forms-based SSO (server-initiated) to fill in the resultant session variables from your AD Query into your form parameter. The groups will be in the form of a pipe-delimited list of the group DNs that came back from the query.

     

Marvin's avatar
Marvin
Icon for Cirrocumulus rankCirrocumulus
Dec 13, 2016

Hi Dan, yes that is correct.