Forum Discussion
SV2022
Cirrus
CirrusNTLM
Is it mandatory to use NTLM Auth result in VPE whenver we use NTLM as SSO. we do not have an Machine account configured but i could see the policy is working . SSO below we have configured NTLM...
- sso credential mapping is taking care of that.
- NTLM SSO can be used as an SSO configuration for windows servers that do not support Kerberos authentication. Other options are possible, all depending on your pool member.
There are a few: https://www.google.com/search?q=bigip+apm+sso&oq=bigip+apm+sso
Hi,
No it is not. NTLM Auth is used allow browsers to perform integrated authentication.
Your VPE setup looks fine. Users use the logon page to authenticate against AD, username and password are passed to the NTLM SSO object.
Cheers,
Kees
SV2022Cirrus
CirrusThank you,
1.so what you are saying is the macros will be executed first and the resulted username,password domain values will be assigned to Username,password and domain source under NTLM sso config ? correct me if i am wrong..
2.in that case when we are not using NTLM auth result what is the use of NTLM SSO with AD authentication. We can go with other option right ?
is there any specific videos/training materials for F5 APM SSO
- sso credential mapping is taking care of that.
- NTLM SSO can be used as an SSO configuration for windows servers that do not support Kerberos authentication. Other options are possible, all depending on your pool member.
There are a few: https://www.google.com/search?q=bigip+apm+sso&oq=bigip+apm+sso
- SV2022
1.So the values that are set via sso credential mapping in macros is assigned to NTLM username passord domain source or its vise versa?
Flow is:
Variable for username is session.logon.last.username
Variable for password is session.logon.last.password
Most of the time this is entered by the user via the logon page.
APM will then follow the flow of the VPE.
So next is AD auth. If this was successful next is SSO credential mapping. This agent will map any session variable to session.sso.token.last.username for the username and session.sso.token.last.password for the password.
By default it will use the username and password from the logon page.
session.sso.token.last.username, session.sso.token.last.password are being used (with the domain from AD auth) fir the NTLM SSO (in the NTLM SSO Object) for authentication between de BIG-IP APM and the webserver.
So in short ;-) Yes (the values that are set via sso credential mapping in macros is assigned to NTLM username passord domain source)