For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

tjunak_222599's avatar
tjunak_222599
Icon for Nimbostratus rankNimbostratus
Sep 24, 2015

Offloading authentication

I am totally new to F5 world and my understanding to some of F5 features can be incorrect... so our customer is going to use F5 LTM that will mange a number servers/services. Now we are trying to come up with different authentication solutions. One solution I read about is the possibility to offload authentication to F5 - is my understanding correct that F5 could handle application authentication? If yes is it possible to create a set of user groups per application - so that when request comes in F5 knows how to authenticate it based on target application? If the authentication offloading is possible then other question I am trying to get answer for is how F5 accesses users data? Currently users are stored in DB2 database are there any ways to hook F5 to such data source?

 

Can someone shed some light on these questions?

 

Thank you.

 

application delivery
LTM
security

2 Replies

  • Seth_Cooper's avatar
    Seth_Cooper
    Icon for Employee rankEmployee
    Sep 25, 2015

    Hi,

     

    You can certainly offload authentication to the F5 using the APM module. You would have an access profile enabled on your virtual server and in this access profile you can set it up to do all kinds of checks and authentication.

     

    You will be unable to look directly into the DB2 database to validate user credentials. This isn't a huge issue if you can have your developers create a simple web page that can accept the credentials and then respond with "yes" or "no. If you can have that setup then we can have an HTTP Auth object where we will take the username and password and pass them to an HTTP page and based on the response allow or reject the access.

     

    If you have any other questions please let me know or reach out to your local sales reps.

     

    Seth

     

  • tjunak_222599's avatar
    tjunak_222599
    Icon for Nimbostratus rankNimbostratus
    Oct 08, 2015

    Seth, thank you very much for your reply - that helped!

     

    I've managed to set up my F5 VE LTM 12.0 so that a request comes through it and reaches a web server on an internal network behind F5. Now I am trying to enable LDAP authentication - the issue I came across is that I can't seem to find an information on how you enable LDAP authentication on a selected Virtual Server. I can't create my LDAP profile because during setup based on documents I read I need to select "LDAP" profile - but it seems to be missing in that version of F5.

     

    Does anyone know how to set it up in F5 12.0? My only purpose is to test it and I hope I can avoid setting up any encryption or client certificate LDAP.