Shared Authentication Domains on BIG-IP APM
How to share an APM session across multiple access profiles. A common question for someone new to BIG-IP Access Policy Manager (APM) is how do I configure BIG-IP APM so the user only logs in once. By default, BIG-IP APM requires authentication for each access profile. This can easily be changed by sending the domain cookie variable is the access profile’s SSO authentication domain menu. Let’s walk through how to configure App1 and App2 to only require authentication once. We’ll start with App1’s Access Profile. Once you click through to App1’s settings, in the Top menu, select SSO/Auth Domains. For the Domain Cookie, we’ll set the value to f5demo.com since App1 and App2 use this domain and it is a FQDN. Of course, click Update. Next, we’ll select App2’s Access Profile. Like App1, we select SSO/Auth Domains and set the Domain Cookie value to f5demo.com. To make sure it works, we’ll launch App1 in our browser. We’re prompted for authentication and enter our credentials and luckily, we have a successful login. And then we’ll try to login to App2. And when we click it, we’re not prompted again for authentication information and gain access without prompts. Granted this was a single login request for two simple applications but it can be scaled for hundreds of applications. If you‘d like to see a working demo of this, check it out here. psAsk the Expert – Why Identity and Access Management?
Michael Koyfman, Sr. Global Security Solution Architect, shares the access challenges organizations face when deploying SaaS cloud applications. Syncing data stores to the cloud can be risky so organizations need to utilize their local directories and assert the user identity to the cloud. SAML is a standardized way of asserting trust and Michael explains how BIG-IP can act either as an identity provider or a service provider so users can securely access their workplace tools. Integration is key to solve common problems for successful and secure deployments. ps Related: Ask the Expert – Are WAFs Dead? Ask the Expert – Why SSL Everywhere? Ask the Expert – Why Web Fraud Protection? Application Availability Between Hybrid Data Centers F5 Access Federation Solutions Inside Look - SAML Federation with BIG-IP APM RSA 2014: Layering Federated Identity with SWG (feat Koyfman) Technorati Tags: f5,iam,saas,saml,cloud,identity,access,security,silva,video,AAA Connect with Peter: Connect with F5:
