For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

John_Reddington's avatar
John_Reddington
Icon for Nimbostratus rankNimbostratus
Jul 22, 2014

Seamless athentication to Webtop

Is it possible to authenticate to a webtop seamlessly using the AD credentials our users are already logged onto their machines with?   To qualify, we have a webtop, that when accessed, presents u...
BIG-IP Access Policy Manager (APM)
deployment
security
John_Reddington's avatar
John_Reddington
Icon for Nimbostratus rankNimbostratus
Jul 22, 2014

Thanks for the responses. I have had a look at that article and it goes into great depth for setting up seamless auth for domain joined machines where SAML resources are being accessed. I guess to prevent a double login and make the BigIP aware of the user trying to access the SAML resource (via NTLM) instead of prompting for credentials when the iDP is called?

 

We dont access any SAML resources directly via SP links (although we could and some users do). They are presented as applications within our webtop, after an initial login to the webtop is made and the user is challenged for credentials. At that point when accessing SAML resources, it becomes seamless for us...

 

What I cant figure out is how I would configure the Webtop for seamless login so the end user experience would be as follows:

 

1)User Logs into domain joined machine 2)User browses to web top 3)Seamless log in to webtop, as APM should know who the user is because the user has already authenticated to the domain 4)List of applications (Portal Access, SAML Resources, Webtop Links etc etc) presented to user automatically and dynamically via AD Group Membership as APM already knows who the user is 5)User clicks a SAML enabled applications, that is also seamless, as the APM already knows who the user is.

 

Is this user journey possible?

 

Related Content