For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

John_Reddington's avatar
John_Reddington
Icon for Nimbostratus rankNimbostratus
Jul 22, 2014

Seamless athentication to Webtop

Is it possible to authenticate to a webtop seamlessly using the AD credentials our users are already logged onto their machines with?   To qualify, we have a webtop, that when accessed, presents u...
BIG-IP Access Policy Manager (APM)
deployment
security
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Aug 04, 2014

However would I also be able to have a fall back to the standard login page here if I accessed my webtop from a non corporate/non domain joined workstation, where attempting kerberos auth would fail?

 

In the visual policy for your IdP, you can configure the 401 agent to send Kerberos tickets to the Kerberos Auth agent, and anything else (fallback) to a standard logon page. The only thing you really have to worry about here is 1) the SAML trust between the IdP and SP(s), and 2) how you authenticate users at the IdP. Regardless of where the user is coming from, if he accesses a SAML-integrated application, he'll be redirected to the IdP for authentication. Once that happens and the user is properly authenticated, he'll be sent back to the SP with an assertion and access should be granted.

 

Related Content