For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

boneyard's avatar
boneyard
Icon for MVP rankMVP
Jun 19, 2013

mixing SSO methods, i.e. ntlm, basic http and kerberos

i was wondering if i can freely mix SSO methods with a webtop implementation. currently im using NTLMV2 and HTTP basic together by configuring different SSO profiles on the portal access resources. t...
BIG-IP Access Policy Manager (APM)
remote access
security
dryk_00's avatar
dryk_00
Icon for Nimbostratus rankNimbostratus
Jun 18, 2015

HEllo, is it possible to share how policy should look like for both aaa (client side) and sso (server side) authentication?

 

I am struggling with implementing such a flow:

 

User ------ any page except sso-login.htm ----> Big Ip ------ any page ---> server

 

User <----- response ----------------------------- BigIP <------- response ---- server

 

User ----- sso-login.html ------> BigIp User <----- 401 Negotiate-------- BigIp (if no valid previous kerb-Auth-ok cookie found)

 

User ----- TGT ---------------------> BigIP -------- request sso-login.htm ----> server

 

BigIP <-------- 401 Negotiate ----> server

 

BigIP -------- TGT as user ----> server User <---- response with kerb-Auth-Cookie -- BigIp <------- response --- server (if kerb auth OK