dnorthrip_22776
Nov 05, 2016

Application on Apple iOS that uses NTLM Authentication against AD to access Backend Internal Server

I have an Apple iOS app that needs to access an internal resource server. The iOS app uses AD credentials that are passed to a server that runs IIS via NTLM. I have configured a VIP in NTLM and created an SSO NTLM profile. I can see that the iOS app is successfully authenticating with AD when I hit the NTLM VIP; however, the piece I do not have functioning yet is having those credentials passed to the backend resource server that has been assigned to the VIP as a pool server. My access policy is the following: Start - HTTP 401 Response - AD Auth - SSO Credential Mapping - Allow

 

Inside the SSO Credential Mapping SSO Token Username I have selected "sAMAccountName from ActiveDirectory" with the following variable: mcget {session.ad.last.attr.sAMAccountName} and for the SSO Token Password: mcget {session.logon.last.password}

 

Is this correct? If so, is the variable for SSO Token Password correct in the SSO Credential Mapping?

 

2 Replies

  • Corrections: Configured a VIP in LTM

     

    I can see that the iOS app is successfully authenticating with AD when I hit the LTM VIP

     

  • Hi,

     

    During NTLM auth, the client never sends the password but answers a challenge to confirm the password is right.

     

    In APM, the NTLM challenge is between the client and AD. F5 only receives the authentication status.

     

    So APM never gets the password, and session.logon.last.password is not set (or blank, never watched).

     

    With NTLM auth, the only SSO method available is Kerberos.

     

    Stanislas