Forum Discussion
NimbostratusSSO functionality for Revese Proxy
Hi,
We are looking for SSO functionality on Reverse Proxy with BIG IP 4000. If multiple sites are published through Reverse Proxy and users access any one of those site, it will redirect user to login page and BIG IP will capture the user credential. And if the user tries to access other sites through reverse proxy, it should not ask credential to user, F5 should be able to push user credential to other site. Can it be done on F5, and what is logical configuration is required to achive the same.
4 Replies
What_Lies_Bene1Cirrostratus
This is possible with the APM module I would have thought. Apologies but I don't know enough to advice on it's configuration.
- Gabriel_V_13146
Cirrus
There are several ways to achieve SSO, indeed you need APM module for most of them. See this file for details: http://support.f5.com/content/kb/en-us/products/big-ip_apm/manuals/product/apm_sso_config_11_0_0/_jcr_content/pdfAttach/download/file.res/apm_sso_config_11_0_0.pdf
Rupesh_MThanks Gabriel for sharing iputs and document link.
- Kevin_Stewart
Employee
Steve is absolutely correct. This is a primary function of the Access Policy Manager (APM) module. Also understand that under most conditions, the BIG-IP platform IS already a reverse proxy. So APM can collect user credentials and then use those credentials to transparently authenticate the user to different applications behind the reverse proxy. Moreover, the type of SSO can be different for each application (ie NTLM, Kerberos, form, Basic, etc.) and you can even authenticate across federated platforms with SAML.
