APM Cookbook: Single Sign On (SSO) using Kerberos

To get the APM Cookbook series moving along, I’ve decided to help out by documenting the common APM solutions I help customers and partners with on a regular basis. Kerberos SSO is nothing new, bu...
Published Apr 28, 2014
Version 1.0
BIG-IP Access Policy Manager (APM)
cookbook
kerberos
microsoft
security
SSO
Smithy's avatar
Smithy
Icon for Cirrostratus rankCirrostratus
Oct 21, 2018

Hi Martin,

 

You can split the user@KRB-REALM.ORG (session.logon.last.username) into seperate variables using TCL or add an AD Query object to the VPE and set the "SearchFilter" to "userPrincipalName=%{session.logon.last.username}". It will populate "session.ad.last.attr.sAMAccountName" and "session.ad.last.actualdomain". Then change the "SSO Credential Mapping" object to use "session.ad.last.attr.sAMAccountName" instead of "session.logon.last.username".

 

Cheers,

 

Brett