Forum Discussion
Russell_77729
Nimbostratus
NimbostratusGet username in iRule without APM
I have an SSO process running in an ASP webpage in IIS. This is the only thing this server does so I was thinking about replacing this process with an iRule. The thing that has me stumped is how to...
OK, so you'd need to write a server implementation of NTLM authentication in an iRule. This is difficult and probably not really a good idea because of the complexity. APM does provide this mechanism to validate the creds via NTLM, however with APM we don't have any access to the password because of how NTLM works (it's technically impossible). To get around this, SAML or kerberos is usually used. Like this:
- User authenticates to APM via IE w/NTLM automatic-authentication in Local Intranet.
- User now has APM session with their username (username is grabbed from NTLM, but not the PW)
- APM SSOs the user to some other IIS backend via Kerberos S4U, using the username and a service account
Russell_77729Nimbostratus
NimbostratusIs there a deployment guide, iApp, or example you can point me to for this?
