Rabbit23_116296
Jan 18, 2014

NTLM challenge response with SAML SSO

I have a virtual server that I use for SAML IdP and SP initiated. I need to manually enter credentials; how can I configure this for domain-joined clients to access this site without entering credentials? I presume delegation is needed; basically I need to initiate the NTLM challenge from the actual virtual server.

I see Google has a SAML bridge that does this; how can I get this to work with the F5?

 

2 Replies

  • Last time I heard about this, NTLM on the client-side of APM was only supported for Outlook Anywhere clients. On the other hand, this does not mean that it is impossible.

    Here is an article that discusses NTLM authentication on the client-side of things: http://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-aaa-auth-config-11-4-0/5.html

    Hopefully someone out there has a better answer.

     

  • I've developed a simple web service that returns the email address for the currently logged-on user using impersonation; it returns it in XML.

    Long shot, but perhaps using an XML profile on the VS can read the payload and then provide the data to the access policy?