Forum Discussion
Static username and password on APM
How do you set a static username and password for use with an SSO confiuration on APM?
I am assigning a portal resource with minimum patching directly to an LTM VS with a pool and want to use form based sso to a CMS we are running.
This is so a user can simply type in the URL and not need any credentials of their own (ie get authenticated using the SSO config with the static username and password).
Thanks.
1 Reply
- Kevin_Stewart
Employee
Currently your best option is either a data group listing of credentials, encrypted if necessary, or an external lookup (query). The question then comes down to the management of each. If the CMS product requires a unique credential for each user, and you don't mind managing those credentials ON the BIG-IP, then a data group may be sufficient. Otherwise you can store the CMS credentials in account attributes in some local directory service (also potentially encrypted).
If, however, you're talking about how technically to achieve SSO with static username and password variables, in the access policy simply set the required session variables that the SSO profile will consume. For form, Basic, and NTLM SSO, the default session variables are session.sso.token.last.username and session.sso.token.last.password. These SSO profiles also require the password to be in encrypted form, so you'll need to set the "secure" option in your variable assignment.
