Forum Discussion

The-messenger
Apr 11, 2019

Forms based SSO not working

I have a forms-based SSO profile on an APM policy for an Apache server, and I cannot get SSO to pass the username/credentials.

Started with a basic forms-based policy. Then contacted the vendor for a starting URI and username/password parameters, still not successful.

Application login provides a username field; after entering the username, the password field is displayed.

3 Replies

  • Hi,

    I found the ultimate solution to this kind of problem. It's SSO using sideband.

    In the VPE I use an iRule event that calls an iRule; this iRule posts data (authentication) and manages all other needs (I retrieve the session cookie in the response). And once the user is authenticated in APM, I insert the session cookie that I retrieved in my iRule event...

    It's more flexible and simple. Let me know if you need help with this iRule.

    I can also write an article about this SSO if it can help you.

    Regards,

    • The-messenger

      Youssef, thanks, would like more information. I have used sideband with a mobile app that would be in front of APM in the process, but with this it's not as clear. So, please, an article would be great!

      And - now F5 is using this same login procedure, I think this will become much more common.

  • Hi

    The backend application cannot provide a single page for logon, or another authentication mechanism (401 Basic or Negotiate Kerberos or NTLM)? Or even better, SAML?

    If not, then I think standard form-based SSO is not likely to operate OK.

    Maybe Client Side SSO could help, but that is very specific and bound to the backend application, so it is difficult to give you a solution like this. But my guess is that if you enable 2 client-side-initiated SSO successively (one for the logon page and one for the password page), it may work.

    I haven't tried though. I'll do so if I find a bit of time :)

    Let us know.