Forum Discussion
wick54
Nimbostratus
Nimbostratusinsert http header IV_USER
Hi Guys,
Couple of applications in our organization was authenticated against IBM TFIM and had IV_USER parameter inserted in to the packet so that the back-end server sees it and authenticate the user in authentication header and single sign him in.
We are moving these applications to F5 now, I can authenticate users using APM policy via AD, however, I'm unsure how F5 LTM or APM can insert iv_user variable in to http header for back-end server to perform authentication and SSO
Look at this article from f5, task 7
https://clouddocs.f5.com/training/community/iam/html/class2/module1/module1.html
in the example, change X-USER header with IV_USER
Stanislas_Piro2Cumulonimbus
Look at this article from f5, task 7
https://clouddocs.f5.com/training/community/iam/html/class2/module1/module1.html
in the example, change X-USER header with IV_USER
- boneyard
MVP
did this work for you wick54? i saw your reply in an older question also and would like to know if it now works for you?
- Stanislas_Piro2
Ok, you don’t trust me ;-)
i already configure such per request policy for some customers... and it worked
- boneyard
haha, totally trust you Stanislas 😇
just want to make sure it works out for wick54 or if he needs another pointer or such.
wick54Thanks Stanislas Piron, it worked for me, I have a requirement for this to be working as SSO for end-users so when they are on domain they don't need to login, currently I have a per session policy setup with a Logon page along with AD Auth/SSO credential mapping, problem is user still need to manually login with via Logon page, I'm trying to move to SAML (using F5 as SP and Azure AD as IDP) in order to provide better SSO user experience . I'm wondering per-request policy I've been using would be still valid in this scenario as well.