Forum Discussion
Hello Vinodh,
There is a well-documented method for performing authentication from multiple AD domains using user input that Cody Green posted, Multiple Domain Authentication, but this method does rely on user input and would not be transparent to your end-user.
There's no particular reason this VPE set-up can't be changed to other forms of authentication as well, including your Cloud authentication. From the sound of it, you might want to look into setting up a SAML federation, with the F5 as a service provider and whatever cloud authentication system you have as the identity provider.
At a high level, users would hit your logon page, and select either local or cloud authentication. Based on that setting, the user would navigate to either your Local AD auth or your Federated auth.
Best of luck,
Austin
Hi Austin,
Thanks a lot for your reply.
The issue here is that the legacy application is integrated with local AD and the IT Security team now wants to remove the contractor accounts from the local domain. But there is no way for the application authentication to be altered due to limitations. Now, we will be able to authenticate contractors with external authentication integrating with F5, but to access the legacy application the connection still requires a local AD account, which prompts for a username/password page. So I was checking if it's possible to insert a service account using an iRule to all successfully authenticated contractor sessions to allow access to the legacy application.
Regards, Vinodh