NTLM

Question

Is it mandatory to use NTLM Auth result in VPE whenver we use NTLM as SSO.

we do not have an Machine account configured but i could see the policy is working .

SSO below

we have configured NTLM sso with username password domain source and NTLM domain

in VPE

Start->logon->AD auth->sso credentail->pass

how does this work ?

keesvandenbos · Accepted Answer

sso credential mapping is taking care of that.
NTLM SSO can be used as an SSO configuration for windows servers that do not support Kerberos authentication. Other options are possible, all depending on your pool member.

There are a few: https://www.google.com/search?q=bigip+apm+sso&amp;oq=bigip+apm+sso

keesvandenbos · Answer

Hi,No it is not. NTLM Auth is used allow browsers to perform integrated authentication.
Your VPE setup looks fine. Users use the logon page to authenticate against AD, username and password are passed to the NTLM SSO object.Cheers,Kees

keesvandenbos · Answer

Flow is:Variable for username is session.logon.last.usernameVariable for password is session.logon.last.passwordMost of the time this is entered by the user via the logon page.APM will then follow the flow of the VPE.So next is AD auth. If this was successful next is SSO credential mapping. This agent will map any session variable to session.sso.token.last.username for the username and session.sso.token.last.password for the password.By default it will use the username and password from the logon page.session.sso.token.last.username, session.sso.token.last.password are being used (with the domain from AD auth) fir the NTLM SSO (in the NTLM SSO Object) for authentication between de BIG-IP APM and the webserver.So in short ;-) Yes (the values that are set via sso credential mapping in macros is assigned to NTLM username passord domain source)

sv2022 · Answer

Thank you,&nbsp;1.so what you are saying is the macros will be executed first and the resulted username,password domain values will be assigned to Username,password and domain source under NTLM sso config ? correct me if i am wrong..&nbsp;2.in that case when we are not using NTLM auth result what is the use of NTLM SSO with AD authentication. We can go with other option right&nbsp;?&nbsp;is there any specific videos/training materials for F5 APM SSO&nbsp;

sv2022 · Answer

1.So the values that are set via sso credential mapping in macros is assigned to NTLM username passord domain source or its vise versa?

sv2022 · Answer

1.So the values that are executed via sso credential mapping in macros is assigned to NTLM username passord domain source or its vise versa?

Forum Discussion

NTLM

7 Replies

Recent Discussions

Disk space full - what files, folders are safe to delete?

ASM instance creation

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

Related Content

Configuring APM Client Side NTLM Authentication

Persist connection based on NTLM username

NTLM Authenticated Proxy External Monitor

Leveraging BIG-IP APM for seamless client NTLM Authentication

NTLM Authentication