Forum Discussion

Karthik_Krishn1
Mar 15, 2016
Solved

APM and certificate based AD authentication

Hello,

We are looking to authenticate users into their domain-joined PCs using certificate-based services (smart cards). Due to the way it is going to be implemented, users will not get a prompt to enter their password. They will only have an option to insert their smart card and enter their PIN. This creates a problem for non-SAML-aware applications for SSO reasons. If we decide to do SSO using a forms-based method where the end application is looking for a username/password, then SSO will fail.

Do you have any suggestions on how to configure APM so it can be used in a scenario such as this and still achieve SSO to the end application?

karthik

2 Replies

  •
    Lucas_Thompson_
    Historic F5 Account

    In other words: APM doesn't have the user's password. The normal solutions to this are:

    1. Use Kerberos SSO with a delegation account. This is easy as long as your web server is IIS.
    2. Use SAML.

    Sometimes people come up with other solutions. Because APM has access to iRules, you can basically implement anything that is technically possible, with the important exception of passing the client's certificate through to the backend app. We don't support doing that.

    I'd recommend consulting your app vendor to get their preferred SSO delegation technique.

    • Michael_Koyfma1
      A third option would be to amend the application to trust the user identity being passed to it via an HTTP header and restrict traffic to the application so that it only comes from APM. That way you can adapt an application to SSO behavior.
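The header-trust option above only works if the application refuses the identity header from anyone who is not APM, because any client that can reach the application directly can forge it. The following is an added example of the backend side of that pattern; it is not code from the thread or from F5. It assumes APM inserts the username in a header called X-Remote-User and a static shared secret in X-APM-Secret (both names are placeholders chosen here), that APM's self-IP addresses are known, and that the application sees the TCP peer address in REMOTE_ADDR. All addresses, secrets and request inputs are constructed for the example.

```python
"""Backend check for "trust the identity header, but only from APM".

Added example, not from the thread. Two independent origin checks are applied
before the X-Remote-User header is believed: the TCP peer must be one of the
APM self-IPs, and the request must carry the shared secret APM injects.
Either check alone is weaker (source IPs can be spoofed on a flat network, a
static secret can leak), so both are required.
"""
import hmac
import ipaddress
import re

# Constructed values for the example; replace with the real APM self-IPs and a
# random secret configured identically on APM and on the application.
APM_SOURCES = [ipaddress.ip_network("10.0.1.0/24")]
APM_SHARED_SECRET = b"constructed-placeholder-secret"
USER_HEADER = "HTTP_X_REMOTE_USER"    # WSGI key for the X-Remote-User header
SECRET_HEADER = "HTTP_X_APM_SECRET"   # WSGI key for the X-APM-Secret header
# Accept only a conservative username alphabet (sAMAccountName, UPN or
# DOMAIN\user shapes); anything else is treated as a malformed header.
USERNAME_RE = re.compile(r"^[A-Za-z0-9._@\\-]{1,64}$")


class NotFromApm(Exception):
    """The request did not come through APM; its identity header is untrusted."""


def trusted_user(environ):
    """Return the username APM asserted, or None if APM asserted no identity.

    Raises NotFromApm if either origin check fails and ValueError if the
    header is present but malformed. The peer address is taken from
    REMOTE_ADDR (the actual TCP peer), never from X-Forwarded-For, which
    any client can set to whatever it likes.
    """
    peer = ipaddress.ip_address(environ.get("REMOTE_ADDR", "0.0.0.0"))
    from_apm = any(peer in net for net in APM_SOURCES)
    presented = environ.get(SECRET_HEADER, "").encode("utf-8", "replace")
    # Constant-time comparison so the secret cannot be guessed byte by byte.
    secret_ok = hmac.compare_digest(presented, APM_SHARED_SECRET)
    if not (from_apm and secret_ok):
        raise NotFromApm(f"rejected request from {peer}")
    user = environ.get(USER_HEADER, "").strip()
    if not user:
        return None
    if not USERNAME_RE.match(user):
        raise ValueError(f"malformed identity header: {user!r}")
    return user


def handle(environ):
    """Decide the response for one request; returns (status, body)."""
    try:
        user = trusted_user(environ)
    except NotFromApm:
        return "403 Forbidden", "direct access to this application is not permitted\n"
    except ValueError:
        return "400 Bad Request", "malformed identity header\n"
    if user is None:
        return "401 Unauthorized", "APM asserted no identity\n"
    return "200 OK", f"hello {user}, you were authenticated by APM\n"


def app(environ, start_response):
    """WSGI entry point wrapping handle(); usable with any WSGI server."""
    status, body = handle(environ)
    start_response(status, [("Content-Type", "text/plain; charset=utf-8")])
    return [body.encode("utf-8")]


def constructed_environ(remote_addr, headers):
    """Build a minimal WSGI environ from constructed input for offline runs."""
    env = {"REMOTE_ADDR": remote_addr, "REQUEST_METHOD": "GET", "PATH_INFO": "/"}
    for name, value in headers.items():
        env["HTTP_" + name.upper().replace("-", "_")] = value
    return env


if __name__ == "__main__":
    secret = APM_SHARED_SECRET.decode()
    cases = {
        "via APM":            constructed_environ("10.0.1.5", {"X-Remote-User": "karthik", "X-APM-Secret": secret}),
        "forged, direct":     constructed_environ("192.0.2.77", {"X-Remote-User": "administrator", "X-APM-Secret": secret}),
        "via APM, no secret": constructed_environ("10.0.1.5", {"X-Remote-User": "karthik"}),
        "via APM, anonymous": constructed_environ("10.0.1.5", {"X-APM-Secret": secret}),
    }
    for label, env in cases.items():
        status, body = handle(env)
        print(f"{label:20} -> {status}: {body.strip()}")
```

On the APM side the header insert (an iRule or an HTTP profile header insert) and the network restriction (firewall or pool configuration so that only APM can reach the application) are outside this example. A source-IP allowlist plus a shared secret is the minimum; if the application server supports it, requiring a client certificate from APM on the server-side SSL connection is a stronger way to prove the request came from APM than either of the checks shown here.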