Forum Discussion

wick54's avatar
wick54
Icon for Nimbostratus rankNimbostratus
Jul 08, 2019
Solved

insert http header IV_USER

Hi Guys,

 

Couple of applications in our organization was authenticated against IBM TFIM and had IV_USER parameter inserted in to the packet so that the back-end server sees it and authenticate the user in authentication header and single sign him in.

 

We are moving these applications to F5 now, I can authenticate users using APM policy via AD, however, I'm unsure how F5 LTM or APM can insert iv_user variable in to http header for back-end server to perform authentication and SSO

APM
application delivery
iRules

5 Replies

Sort By
  • boneyard's avatar
    boneyard
    Icon for MVP rankMVP
    Jul 16, 2019

    did this work for you wick54? i saw your reply in an older question also and would like to know if it now works for you?

    • Stanislas_Piro2's avatar
      Stanislas_Piro2
      Icon for Cumulonimbus rankCumulonimbus
      Jul 16, 2019

      Ok, you don’t trust me ;-)

       

      i already configure such per request policy for some customers... and it worked

      • boneyard's avatar
        boneyard
        Icon for MVP rankMVP
        Jul 16, 2019

        haha, totally trust you Stanislas 😇

         

        just want to make sure it works out for wick54 or if he needs another pointer or such.

  • wick54's avatar
    wick54
    Icon for Nimbostratus rankNimbostratus
    Jul 16, 2019

    Thanks Stanislas Piron, it worked for me, I have a requirement for this to be working as SSO for end-users so when they are on domain they don't need to login, currently I have a per session policy setup with a Logon page along with AD Auth/SSO credential mapping, problem is user still need to manually login with via Logon page, I'm trying to move to SAML (using F5 as SP and Azure AD as IDP) in order to provide better SSO user experience . I'm wondering per-request policy I've been using would be still valid in this scenario as well.