Forum Discussion

Rupesh_M's avatar
Rupesh_M
Icon for Nimbostratus rankNimbostratus
Oct 24, 2013

SSO functionality for Revese Proxy

Hi,

 

We are looking for SSO functionality on Reverse Proxy with BIG IP 4000. If multiple sites are published through Reverse Proxy and users access any one of those site, it will redirect user to login page and BIG IP will capture the user credential. And if the user tries to access other sites through reverse proxy, it should not ask credential to user, F5 should be able to push user credential to other site. Can it be done on F5, and what is logical configuration is required to achive the same.

 

APM
design
security

4 Replies

Sort By
  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    Oct 24, 2013

    This is possible with the APM module I would have thought. Apologies but I don't know enough to advice on it's configuration.

     

  • Gabriel_V_13146's avatar
    Gabriel_V_13146
    Icon for Cirrus rankCirrus
    Oct 24, 2013

    There are several ways to achieve SSO, indeed you need APM module for most of them. See this file for details: http://support.f5.com/content/kb/en-us/products/big-ip_apm/manuals/product/apm_sso_config_11_0_0/_jcr_content/pdfAttach/download/file.res/apm_sso_config_11_0_0.pdf

     

    • Rupesh_M's avatar
      Rupesh_M
      Icon for Nimbostratus rankNimbostratus
      Oct 24, 2013
      Thanks Gabriel for sharing iputs and document link.
  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Oct 24, 2013

    Steve is absolutely correct. This is a primary function of the Access Policy Manager (APM) module. Also understand that under most conditions, the BIG-IP platform IS already a reverse proxy. So APM can collect user credentials and then use those credentials to transparently authenticate the user to different applications behind the reverse proxy. Moreover, the type of SSO can be different for each application (ie NTLM, Kerberos, form, Basic, etc.) and you can even authenticate across federated platforms with SAML.