Forum Discussion
Marvin_129795
Nimbostratus
Dec 13, 2016F5 APM retrieve AD groups and resend using HTTP POST parameter
Dear all,
I am looking at a particular situation where an internal web server needs to know what kind of AD membership groups are assigned to a user that tries to login. The authentication only ...
- Dec 13, 2016
Yes this is fairly simple. Use LTM+APM mode, and AD Query / AD Auth in your Access Policy. Set the "start uri" parameter to your backend app's URI, and use forms-based SSO (server-initiated) to fill in the resultant session variables from your AD Query into your form parameter. The groups will be in the form of a pipe-delimited list of the group DNs that came back from the query.
raytoles_75680
Nimbostratus
Dec 07, 2009This exactly what I did once the developers returned with an issue involving the need to preserve the URI.
Took a hint from another iRule I found on DevCentral http://devcentral.f5.com/wiki/default.aspx/iRules/RewriteHTTPRedirectPort.html.
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects