Roman_B_248530
Jan 18, 2018

APM as a proxy for a client not supporting SPNEGO

Hi F5 experts,

I'm new to F5 APM and need help with the situation below. We have WebSphere (supports SPNEGO/Kerberos) and MS SharePoint (NTLM) on the back end and an iOS/Safari client on the front. F5 APM is in between. When an iOS device with Safari connects to the SSL VPN (deployed on APM), it can then use the webapp on IIS transparently (no requirement to enter user/pass). However, it can't use the webapp on WebSphere (I think this is because iOS/Safari doesn't like SPNEGO), and the workaround now is to let the user fill in the username and password form. Is there any good way to let Safari users use the WebSphere webapp without entering a username/password? Maybe I can enable APM to talk to WebSphere and use Kerberos, and allow the end user to use the webapp without entering credentials?

Thank you in advance.

 

2 Replies

  • Clarification:

    iPad iOS client (connected to SSL VPN) <---> APM <---> LTM <---> WebSphere server

    At the moment APM is not authenticating the client (no access policy applied to the Vserver).

    The client doesn't support SPNEGO, so the only way to connect is to use the login form. However, the same client can access the SharePoint server in the same environment using NTLM. Is there any way in this scenario to allow the client to connect to the WebSphere back end without entering a username/password? Would it be possible to enable authentication on APM, somehow extract the client credentials, and pass them to the back end? Any other options?

    Thanks.