kgaigl
Dec 05, 2019

APM Authentication with MRH Cookie?

Hello,

We have a Java-based internal application (developed by a "challenging" partner).

Until now, access has been managed by a software module called web_auth, but this will soon be End-of-Life.

Now authentication should be managed by APM, but we don't get much information, only the info that auth would be managed with an MRH cookie.

As far as I know, the application needs the logon username of the client workstation.

Now, without any access policy (only LTM), an index servlet doesn't show any username.

Does anyone have a hint on where to begin?

BIG-IP Version 14.1.

Thanks

Karl

3 Replies

  • Hi

    We will need slightly more detail here to help. On one side we talk about an MRH session, and on the other you want to use LTM only. This is not clear.

    What kind of system does the Java application access?

    What kind of authentication is the module "web_auth" using (username/password, NTLM, Kerberos, SAML ...)?

    Thanks

  • kgaigl

    Hi Yoann,

    I'm sorry not to have posted more information.

    Sure, I'll have to start APM on the F5.

    The system is our own application, written only for our needs. I can only say it's a Java-based web application running on Tomcat.

    The server for "web_auth" is an AD member with a keytab, so it would be Kerberos (I think I've got to integrate the BIG-IP in Kerberos with a keytab file too).

    Maybe this helps?

  • Hi

    Still not very clear unfortunately :-)

    But there are many options; here are just a few:

    1- If your internal users MUST authenticate without passwords: then you can do Kerberos authentication on the F5 itself; then yes, you will need a keytab and a configuration object on APM to perform authentication. Then, once AUTHENTICATION is done on APM, you can use KCD (Kerberos Constrained Delegation) to perform a Kerberos authentication to the web_auth module. This of course works only for users in the internal domain / REALM.

    2- If you intend to allow other authentication methods on the F5 (for example strong authentication, MFA...), then you can configure whatever factors you want on APM to authenticate the user. Once done, you can perform KCD again to authenticate to the web_auth module on your backend.

    This allows you to support only one authentication method on your backend, while handling multiple authentication types on the F5 ... But again, your requirements are not crystal clear as of now.

    I hope this information helps you...

    Yoann