SSO with Web Access Management System

IHAC with a 4100. They want to provide SSO between the 4100 and a down stream Web Access Management (WAM) product. This WAM is not listed as a supported SSO compatible product (e.g. its not Netegrity). is there a way that I can have the user authenticate to the 4100 and then access WAM protected web pages behind the Firepass without re-authentication?

What would be great is (in order of preference):

1. The 4100 could have an authentication mechanism that prompted a user to authenticate and then posted the username and password/passcode to a specific URL (this would be the WAM login page). This would return an HTTP status of 200 for success or 403 for failure. The Firepass could use this as an authenication type and allow access to the WebTop. On success any returned session cookies could be cached on the 4100 or forwarded to the browser. The user is now authenticated to Firepass and the WAM system with support for multiple authentication types.

2. If the 4100 could create SAML Assertions. Then after authentication to Firepass when the user clicks on a link in teh WebTop then the user could be logged into the WAM protected system via a Federation Model using BAP or BPP.

3. Have the user hit a WAM protected web server and authenticate. Either through an API, iControl or something(??) a cal is made to the 4100 to create a session for the user or manufacture a Header that the 4100 trusts. The user would then be redirected to Firepass and a session cookie or Header created is trusted and the user is allowed access.

4. After authenticaion to 4100 when accessing the WAM protected web application the 4100 is configured to forward on the credentials supplied to it to the WAM login page. This would need to support Forms based authentication as well as HTTP basic auth.

Looking at the External Authentication stuff it suggests that all you are doing is providing login page external to the 4100 which posts to the 4100 fo authentication. This would not acheive what I'm looking for.

Any ideas?

Thanks

BIG-IP Access Policy Manager (APM)

remote access

security

Forum Discussion

SSO with Web Access Management System

Welcome! a la Communidad DevCentral LATAM de F5!

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

Recent Discussions

Issue on connection limit

Wireshark Plugin for TLS

F5 Distributed Cloud Services Simulator Connect

F5 CIS -> NGINX Plus Ingress Controller Integration

Catch Dynamic CRL Errors and Return Friendly Page

Related Content

F5 BIG-IP Access Policy Manager (APM) Machine Tunnels for Windows

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

Federated AWS Console Access Made Easy: F5 BIG-IP Access Policy Manager Access Guided Configurations

Automating ACMEv2 Certificate Management on BIG-IP

HTTP Event Order -- Access Policy Manager

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS