For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

John_Reddington's avatar
John_Reddington
Icon for Nimbostratus rankNimbostratus
Jul 22, 2014

Seamless athentication to Webtop

Is it possible to authenticate to a webtop seamlessly using the AD credentials our users are already logged onto their machines with?   To qualify, we have a webtop, that when accessed, presents u...
BIG-IP Access Policy Manager (APM)
deployment
security
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Jul 23, 2014

Would using NTLM or Kerberos both result in session.logon.last.logonname being stored as a session variable that can be used for SAML?

 

I believe so. I haven't done enough with client side NTLM to have it emblazoned forever in my noggin, but it certainly does create this value in client side Kerberos.

 

I'm trying to find the steps to follow to set both of these methods up for testing... Should I look further at the document Michael linked me too, or do you know of any easier to follow document that covers this particular scenario?

 

Michael's doc on client side NTLM is probably the best resource out there. As for client side Kerberos, there's a few "official" resources, including this one:

 

http://support.f5.com/content/kb/en-us/products/big-ip_apm/manuals/product/apm-aaa-auth-config-11-4-0/_jcr_content/pdfAttach/download/file.res/BIG-IP%C2%AE_Access_Policy_Manager%C2%AE_Authentication_Configuration_Guide.pdf

 

I'm going to caveat the above with an observation that the official guides aren't that great when it comes to Kerberos. Read through it and if you have any questions, please ask.

 

Related Content