Forum Discussion

Manoj_Chavali's avatar
Manoj_Chavali
Icon for Nimbostratus rankNimbostratus
Jun 12, 2020

Granular Access control policies

We are trying to use the Big IP system as a SAML service provider and PingFederate as a SAML Identity Provider.  Is it possible to create an access policy which allows/denies user to access a particu...
BIG-IP
BIG-IP Access Policy Manager (APM)
security
Manoj_Chavali's avatar
Manoj_Chavali
Icon for Nimbostratus rankNimbostratus

Hi,

 

Thank you for the information. Could you please point me towards any document on how to implement the authorization based on the LDAP attributes?

youssef1's avatar
youssef1
Icon for Cumulonimbus rankCumulonimbus
Jun 16, 2020

Hello,

 

You don't have a specific documentation for your need. In fact you have to use a generic access policy for authentication and LDAP query in order to retrieve needed attribute.

 

Then you can use an per-request-policy in order to restrict URL access by LDAP/AD GRP or other.

 

I alread implement this need for an custoer and I use Datagroup in order to set right:

grp_A /uri1

grp_B /uri2

grp_C /uri3

 

try to implent an per-request-policy... if you encouter a problem keep me in touch.

 

regards