APM Cookbook: Single Sign On (SSO) using Kerberos
To get the APM Cookbook series moving along, I’ve decided to help out by documenting the common APM solutions I help customers and partners with on a regular basis.
Kerberos SSO is nothing new, bu...
Published Apr 28, 2014
Version 1.0
Smithy
Cirrostratus
Joined July 31, 2011
Michael_Koyfma1
May 09, 2014
Cirrus
AP - yes, you can - there are many ways to do that. Probably one of the easiest is to do AD Query right after successful Kerberos Auth and put the following into the search filter:
userPrincipalName=%{session.logon.last.username}
That will retrieve the entire AD object for the user that has authenticated via Kerberos, and you will be able to use the samAccountName attribute in your SAML assertion (which will effectively have their account name without the domain in it).