For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Oct 22, 2015

If you look at the properties of your NTLM SSO profile, you'll see two "source" variables which are the values used to perform the NTLM auth to the server. You have one for username (usually session.sso.token.last.username), and one for password (usually session.sso.token.last.password). There's also one for the input domain. If you're collecting the username and password from a login page, they'll be stored in the session.logon.last.username and session.logon.last.password variables, respectively and the password will be stored encrypted. In order to use that password in an SSO, you'll want to add an SSO Credential Mapping agent in the visual policy right before the ending Allow block which will copy both values to their respective session.sso.token.last.* variables and decrypt the password.