F5 APM Authentication: Active Directory Method

Question

I am not seeing any dedicated active directory (AD) account used by F5 APM to connected to AD. Is that because it uses Kerberos ?. Thank-you.&nbsp;

lucas_thompson_ · Answer

I'm assuming you are talking about AAA (frontend user auth, not SSO).
APM has two functions geared toward AD: AD Auth and AD Query. AD Auth uses the end user's credentials collected from a logon page and put into session.logon.last.username and session.logon.last.password, then transmits those via Kerberos to the specified AD server. 
AD Query uses Kerberos to authenticate to an LDAP service on AD to issue queries. The creds from the AAA AD Server definition will be used. If it's empty, then the user's creds will be used.
I think this is covered pretty well in the manual, but you may want to review the APM Operations Guide which has a technical overview. If you feel like the information there is incomplete or confusing, please let us know and we'll update it as required:
https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/f5-apm-operations-guide.html

Forum Discussion

F5 APM Authentication: Active Directory Method

1 Reply

Recent Discussions

Error when running bigip_command Playbook against LTM : Syntax Error: unexpected argument /bin/sh\n

Can iRule be used to perform exception of IPI category based on Geolocation

Can iRule mask the payload content on event logs of security

minimum tmos software version for connect CIS (openshift)

Chrome V 124+ on MacOS - Virtual Server Access Issue

Related Content

Azure Active Directory and BIG-IP APM Integration

Remote User Authentication (e.g. F5 admins) using Azure Active Directory

Active/Active load balancing examples with F5 BIG-IP and Azure load balancer

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

Complete MFA solution with GA stored in Active Directory