I would like some guidance on how to configure an APM policy and SSO. Basically, present a portal to force authentication when accessing https://mysite.example.com, for example.
https://mysite.example.com is an on-prem application which is configured for ADFS SAML authentication on an external IdP.
Before adding an APM policy, the traffic flow goes as follows.
After adding an APM policy, the traffic flow goes as follows.
Any advice really appreciated.
Depending on what you need to achieve you may:
- Configure APM to authenticate the user using your ADFS SAML IdP. On the user side nothing changes compared to how it's working now: they browse https://mysite.example.com => APM redirects to myadfs.example.com => the user logs in and gets redirected to https://mysite.example.com => APM authenticates the user and passes traffic to the backend => the backend redirects one more time to myadfs.example.com, but as the user is already logged in to ADFS no action is required and the user automatically gets redirected back to the backend. (In this case the SSO is built into SAML: you authenticate once in ADFS and this authentication is passed to APM and the backend.)
- Option 2 is to configure your backend server to allow Kerberos / header authentication. Then configure an SSO profile on APM to pass the user authentication to the backend with Kerberos / NTLM.
Other options can also work but are more complex and may consume more concurrent session licences on APM.
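The first option above relies on two separate SAML service providers (APM and the backend) trusting the same IdP, with the IdP session cookie making the second hop silent. The following Python model is an added illustration, not F5 APM or ADFS code: it replaces XML-DSig with an HMAC over a JSON payload, models redirects as function calls, and uses constructed names (`myadfs.example.com`, entity IDs `urn:sp:apm` and `urn:sp:backend`, user `alice`). It shows why the user logs in once while two assertions are issued, and why the backend must reject an assertion that was minted for APM (audience restriction), which is the check that keeps the two SP sessions from being interchangeable.

```python
"""Model of the SP-initiated SAML double hop: browser -> APM -> IdP -> APM -> backend -> IdP -> backend.
Constructed illustration only; signatures are HMAC stand-ins for XML-DSig, redirects are plain calls."""
import hashlib
import hmac
import json
import secrets
import time

IDP_KEY = secrets.token_bytes(32)  # stands in for the IdP signing key (constructed)


class Browser:
    """Cookie jar keyed by the party that set the cookie (IdP host or SP entity ID)."""
    def __init__(self):
        self.cookies = {}


class Idp:
    """Models myadfs.example.com: one interactive login, then one assertion per relying party."""
    def __init__(self, name, key, trusted_sps):
        self.name, self.key, self.trusted_sps = name, key, set(trusted_sps)
        self.sessions = {}            # IdP session cookie -> username
        self.interactive_logins = 0   # how many times the user actually typed credentials
        self.assertions_issued = 0

    def sso(self, browser, audience, relay_state, credentials=None):
        if audience not in self.trusted_sps:
            raise PermissionError(f"{audience} is not a configured relying party")
        user = self.sessions.get(browser.cookies.get(self.name))
        if user is None:
            if credentials is None:            # no IdP session: interactive login required
                raise PermissionError("login required")
            self.interactive_logins += 1
            user = credentials["user"]
            sid = secrets.token_hex(16)
            self.sessions[sid] = user
            browser.cookies[self.name] = sid   # this cookie is what makes the second hop silent
        body = {"issuer": self.name, "subject": user, "audience": audience,
                "not_on_or_after": time.time() + 300}
        payload = json.dumps(body, sort_keys=True).encode()
        self.assertions_issued += 1
        return {"payload": payload,
                "sig": hmac.new(self.key, payload, hashlib.sha256).hexdigest(),
                "relay_state": relay_state}


class Sp:
    """Models a SAML service provider: APM in front of the app, or the backend behind it."""
    def __init__(self, entity_id, idp, idp_key):
        self.entity_id, self.idp, self.idp_key = entity_id, idp, idp_key
        self.sessions = {}

    def verify(self, resp):
        """Signature, audience and validity checks every SP must do on its own."""
        expected = hmac.new(self.idp_key, resp["payload"], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, resp["sig"]):
            raise PermissionError("bad signature")
        a = json.loads(resp["payload"])
        if a["audience"] != self.entity_id:
            raise PermissionError(f"assertion for {a['audience']} presented to {self.entity_id}")
        if a["not_on_or_after"] <= time.time():
            raise PermissionError("assertion expired")
        return a["subject"]

    def access(self, browser, url, credentials=None):
        if browser.cookies.get(self.entity_id) in self.sessions:
            return f"200 {url}"                # existing SP session, no redirect
        resp = self.idp.sso(browser, self.entity_id, relay_state=url, credentials=credentials)
        sid = secrets.token_hex(16)
        self.sessions[sid] = self.verify(resp)
        browser.cookies[self.entity_id] = sid
        return f"200 {resp['relay_state']}"


def build():
    idp = Idp("myadfs.example.com", IDP_KEY, trusted_sps=["urn:sp:apm", "urn:sp:backend"])
    return idp, Sp("urn:sp:apm", idp, IDP_KEY), Sp("urn:sp:backend", idp, IDP_KEY), Browser()


def run_flow(credentials):
    """Full double hop; returns counters a reader can compare with the answer's description."""
    idp, apm, backend, browser = build()
    apm.access(browser, "https://mysite.example.com/", credentials)   # hop 1: interactive login
    status = backend.access(browser, "https://mysite.example.com/")   # hop 2: silent, IdP cookie
    return {"status": status, "logins": idp.interactive_logins,
            "assertions": idp.assertions_issued, "cookies": sorted(browser.cookies)}


def backend_rejects_apm_assertion():
    """An assertion minted for APM must fail the backend's audience check."""
    idp, apm, backend, browser = build()
    resp = idp.sso(browser, apm.entity_id, relay_state="/", credentials={"user": "alice"})
    try:
        backend.verify(resp)
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    print(run_flow({"user": "alice"}), backend_rejects_apm_assertion())
```

The counters in `run_flow` match the answer: one interactive login, two assertions (one per SP), and three cookies (IdP session plus one session per SP). If the backend skipped the audience check, the APM assertion could be presented to it directly and the second hop's trust boundary would collapse, which is why each SP validates its own assertion rather than trusting the other's session.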