Seamless login from ntlm to form based authenication
I wonder if it's actually possible: Implement seamless login for the application Let's say user access home page. Home page is hosted on the IIS with integrated authentication (NTLM) Is it actually possible to grab user credentials, append domain name and use form based SSO to login to some other websites without installing any F5 plugins to the users workstation Thanks471Views0likes7Commentsneeds to some help with IRule that will assign sso
I'm trying to figure out a cleaner way to redirect clients when they try to access web page directly without login first to the portal Setup: 2 portal pages and 2 domains 2 internal applications that not suppose to be accessible directly 2 sso My iRule for internal application when ACCESS_ACL_ALLOWED { set domain [ACCESS::session data get "session.ad.last.actualdomain"] set authresult [ACCESS::session data get "session.ad.last.authresult"] if { $domain == "internal.org" and $authresult == 1 } then { WEBSSO::select internal.org_ntlm_sso } elseif { $domain == "external.local" and $authresult == 1} then { WEBSSO::select external.local_ntlm_sso This part doesn't work else { log local0. "Authentication Failed HTTP::redirect "http://something.org" } } Second iRule to handle error 20 when CLIENT_ACCEPTED { ACCESS::restrict_irule_events disable } when HTTP_REQUEST { if { [HTTP::uri] ends_with "/my.logout.php3?errorcode=19" or [HTTP::uri] ends_with "/my.logout.php3?errorcode=20" } { HTTP::redirect "http://something.org" } } APM policy for internal sites: Start-Allow314Views0likes2CommentsSSO Successful Logon Detection Match Type
What is the purpose for this configuration item? Successful Logon Detection Match Type What internal process does it trigger within the WEBSSO processing? My applications seems to function (perform SSO) just fine with or without this information being configured. Thanks.272Views0likes1CommentiRule Redirect after WEBSSO is finished
Hi, as the subject already states; i would like to do a redirect after the WEBSSO has finished it's job; though, i dont seem to find the right event to do so (ACCESS_POLICY_COMPLETED is still before WEBSSO). Any hints on this? thanks in advance, Rene210Views0likes2CommentsWebSSO - Multiple detections or single time?
Hi all, Quick question on WEBSSO. User logs into F5 APM -> Provided a Portal (With SSO Config) -> Backend Application launches, SSO kicks in and logins -> User works on application, then clicks logout (NOT APM logout, just app) -> Sent to application logon screen. Will SSO kick in the second time? My view suggests it fires one and then disables itself so the next time the start uri comes up nothing happens from Big-IP. If it is single firing, is there a way to ensure it logs the user back in immediately? I know this is a bit odd, and most people would force APM to logout when the app does, but we can't for other circumstances208Views0likes2Comments