on 04-Sep-2020 12:04
This guide is written for IT professionals designing an F5 network. These IT professionals can fill a variety of roles:
Organizations with high security demands and low risk tolerance need to keep every aspect of user authentication on premises.
The Microsoft Azure Active Directory and F5 BIG-IP APM solution integrates directly with Azure AD and is configured to work cooperatively with an existing header-based or other authentication method. The solution has these components:
Figure 2 APM bridge SAML to header authentication components
The joint Microsoft and APM solution allows legacy applications incapable of supporting modern authentication and authorization to interoperate with Azure Active Directory. Even if an app doesn’t support SAML and can only support header-based authentication, it can still be enabled for single sign-on (SSO) and multi-factor authentication (MFA) through the F5 APM and Azure Active Directory combination. Azure Active Directory, as an IDaaS, delivers a trusted root of identity to APM, which creates a bridge between modern authentication and legacy applications such as PeopleSoft, delivering SSO and securing the app with MFA.
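The bridge described above, as an added illustrative model (not F5 or Microsoft code): APM reads a claim from the validated Azure AD assertion and forwards it to PeopleSoft as an HTTP header, discarding any copy of that header the client itself sends. The claim name `userid`, the header `X-PS-USER` and the sample assertion are assumptions constructed for this example, not values from the page.

```python
"""Illustrative model of the APM SAML-to-header bridge (not F5 or Microsoft code)."""
import xml.etree.ElementTree as ET

# Namespace used by SAML 2.0 assertions.
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Hypothetical names chosen for this example: the claim APM reads from the
# assertion and the header the legacy application expects to receive.
CLAIM_NAME = "userid"
APP_HEADER = "X-PS-USER"

# Constructed, unsigned sample assertion standing in for what Azure AD would issue.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>https://sts.windows.net/EXAMPLE-TENANT/</saml:Issuer>
  <saml:Subject><saml:NameID>harvey.winn@example.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="userid">
      <saml:AttributeValue>hwinn</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def claim_from_assertion(assertion_xml: str, claim: str) -> str:
    """Return the first value of the named SAML attribute, or raise if absent.
    A real service provider must validate the signature, issuer, audience and
    validity window before trusting any attribute; that step is omitted here."""
    root = ET.fromstring(assertion_xml)
    for attr in root.findall(".//saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == claim:
            value = attr.find("saml:AttributeValue", NS)
            if value is not None and value.text:
                return value.text.strip()
    raise ValueError(f"assertion carries no {claim!r} attribute")


def bridge_headers(client_headers: dict, assertion_xml: str) -> dict:
    """Build the header set forwarded to the application. The identity header is
    set only from the validated assertion; any copy presented by the client is
    dropped so the application never sees an unauthenticated value."""
    forwarded = {k: v for k, v in client_headers.items()
                 if k.lower() != APP_HEADER.lower()}
    forwarded[APP_HEADER] = claim_from_assertion(assertion_xml, CLAIM_NAME)
    return forwarded
```

The same reasoning is why the PeopleSoft pool members should accept traffic only from the BIG-IP: the header is trustworthy only when APM is the sole party that can set it.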
These instructions configure Azure AD SSO with APM to be used with PeopleSoft. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in F5.
To configure and test Azure AD SSO with APM, complete the following tasks:
In this section, you will create a test user in the Azure portal named Harvey Winn.
Step 1: In the search field, type “enterprise applications” and click on Enterprise applications.
Step 2: Click on “New applications”.
Step 3: In the search field under Add from the gallery, type “f5” and click on Oracle PeopleSoft - Protected by F5 Networks BIG-IP and then Add.
Step 4: In the Oracle PeopleSoft - Protected by F5 Networks BIG-IP | Overview window, click 1. Assign users and groups, and in the next screen, click + Add user.
Step 5: In Home > Oracle PeopleSoft - Protected by F5 Networks BIG-IP | Users and groups > Add Assignment page, click Users and groups.
Step 6: In the search field under Users and groups, search “harvey” and click on the user Harvey Winn, click on Select and then click on Assign.
Step 1: Click on Single sign-on.
Step 2: Click on SAML.
Step 3: In Home > Oracle PeopleSoft - Protected by F5 Networks BIG-IP | Single sign-on > SAML-based Sign-on page, under Basic SAML Configuration, click the edit icon.
Step 4: Complete the following information and click Save.
Step 5: In Home > Oracle PeopleSoft - Protected by F5 Networks BIG-IP | Single sign-on > SAML-based Sign-on page, under User Attributes & Claims, click the edit icon, and click + Add new claim.
Step 6: In Home > Oracle PeopleSoft - Protected by F5 Networks BIG-IP | Single sign-on > SAML-based Sign-on > User Attributes & Claims > Manage claim page, complete the following information and click Save.
Step 7: In the SAML-based Sign-on page, verify the information.
Step 8: Under SAML Signing Certificate, next to Federation Metadata XML, right-click Download and select Save Link As…
Step 9: Rename the downloaded file to remove any spaces from the file name.
Note: APM Guided Configuration will not accept spaces in the file name.
This completes Azure AD configuration.
These instructions configure APM to be used with Azure AD SSO for PeopleSoft application access. For SSO to work, you need to establish a link relationship between APM and Azure AD for the PeopleSoft application.
To configure and test Azure AD SSO with APM, complete the following tasks:
Step 1: In BIG-IP click Access > Guided Configuration > Federation > SAML Service Provider.
Step 2: Click Next.
Step 3: In the Service Provider Properties page, configure the following information, leave default settings and click Save & Next.
Step 4: In the Virtual Server Properties page, configure the following information, leave default settings and click Save & Next.
Step 5: In the External Identity Provider Connector Settings page, configure the following information, leave default settings and click Save & Next.
Step 6: In the Pool Properties page, configure the following information, leave default settings and click Save & Next.
Step 7: In the Single Sign-On Settings page, click Enable Single Sign-On, then click Show Advanced Settings, configure the following information, leave the remaining default settings and click Save & Next.
Step 8: In the Endpoint Checks Properties page, leave default settings and click Save & Next.
Step 9: In the Timeout Settings page, leave default settings and click Save & Next.
Step 10: In the Your application is ready to be deployed page, click Deploy.
This completes APM configuration.