Forum Discussion

Wendell_Moine_3
Oct 31, 2017

Automatically authenticate users to Intranet sites

I am trying to get our access policy configured so that once a user is logged in and clicks a web application link to our Intranet sites, the user doesn't have to enter their domain account again. Right now, the browser pops a login box if the user accesses the webtop from a non-domain-joined machine. We have this working in our Firepass that APM is supposed to replace. I have an SSO Credential Mapping action set before the logon page in our access policy.


1 Reply

Hi,

APM works with session variables to evaluate the policy.

SSO requires the following variables:
  • session.sso.token.last.username
  • session.sso.token.last.password
  • session.logon.last.domain (for NTLM SSO)

The Logon Page creates the following variables:
  • session.logon.last.username
  • session.logon.last.password
  • session.logon.last.domain (when "split domain from username" is enabled)

SSO Credential Mapping allows you to create the expected SSO variables. You must set it AFTER the Logon Page to reuse the Logon Page variable values. It is recommended to set it after the AD Auth and AD Query boxes.

If the SSO method used is NTLM, you must have session.logon.last.domain set to the NETBIOS name.

If the SSO method used is Kerberos, you must have session.logon.last.domain set to the FQDN domain name.
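The following iRule is an added example, not code from the reply above or from F5 documentation. It does by hand what the SSO Credential Mapping agent does, copying the Logon Page variables into the session.sso.token.last.* variables, and additionally normalises session.logon.last.domain to the NETBIOS name for NTLM SSO or the FQDN for Kerberos SSO, which is the point the reply makes. It assumes an "iRule Event" agent with ID "sso_map" placed after the Logon Page, AD Auth and AD Query agents, a Variable Assign agent that has set session.custom.sso_method to "ntlm" or "kerberos", and a constructed NETBIOS/FQDN table for a fictional forest; all three are assumptions, not part of the original post.

```tcl
# Added example (not from the original post or from F5): manual equivalent of
# SSO Credential Mapping that also puts the domain in the format the chosen
# SSO method expects. Assumptions: an "iRule Event" agent with ID "sso_map"
# sits after Logon Page, AD Auth and AD Query; a Variable Assign agent has set
# session.custom.sso_method to "ntlm" or "kerberos"; the NETBIOS/FQDN pairs in
# the switch below are constructed sample values for a fictional forest.
when ACCESS_POLICY_AGENT_EVENT {
    if { [ACCESS::policy agent_id] ne "sso_map" } { return }

    set user   [ACCESS::session data get "session.logon.last.username"]
    set pass   [ACCESS::session data get -secure "session.logon.last.password"]
    set domain [ACCESS::session data get "session.logon.last.domain"]
    set method [string tolower [ACCESS::session data get "session.custom.sso_method"]]

    # Accept DOMAIN\user and user@domain.tld as typed by the user. Otherwise
    # keep whatever "split domain from username" on the Logon Page produced.
    if { [string first "\\" $user] >= 0 } {
        set parts  [split $user "\\"]
        set domain [lindex $parts 0]
        set user   [lindex $parts 1]
    } elseif { [string first "@" $user] >= 0 } {
        set parts  [split $user "@"]
        set user   [lindex $parts 0]
        set domain [lindex $parts 1]
    }

    # Resolve whichever form the user gave to both names of the domain
    # (constructed sample table; replace with your own forest).
    switch -- [string toupper $domain] {
        EXAMPLE - EXAMPLE.COM {
            set netbios "EXAMPLE"
            set fqdn    "EXAMPLE.COM"
        }
        CORP - CORP.EXAMPLE.COM {
            set netbios "CORP"
            set fqdn    "CORP.EXAMPLE.COM"
        }
        default {
            # Unknown domain: do not populate SSO variables, let the policy branch on the result.
            log local0. "sso_map: unknown domain '$domain' for user '$user'"
            ACCESS::session data set "session.custom.sso_map_result" "fail"
            return
        }
    }

    # NTLM SSO wants the NETBIOS name; Kerberos SSO wants the DNS (realm) name.
    if { $method eq "ntlm" } {
        set domain $netbios
    } else {
        set domain $fqdn
    }

    ACCESS::session data set "session.sso.token.last.username" $user
    ACCESS::session data set -secure "session.sso.token.last.password" $pass
    ACCESS::session data set "session.logon.last.domain" $domain
    ACCESS::session data set "session.custom.sso_map_result" "ok"
}
```

Attach the iRule to the virtual server carrying the access policy, and put a branch rule on the iRule Event agent such as expr { [mcget {session.custom.sso_map_result}] eq "ok" } so that an unknown domain falls through to a Deny ending instead of reaching the webtop with empty SSO variables. The password is read and written with -secure because APM stores session.logon.last.password encrypted; the plain "get" would not return the clear-text value the SSO agent needs.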