How to pass single sign-on credentials

Question

Pardon my ignorance- my understanding of big-ip is pretty basic.&nbsp;
We have a pair of servers with a web-based application that we are trying to load balance.  We users connect directly to the servers, they are authenticated automatically via their AD credentials. But when they connect to the VIP, they get a prompt to login.&nbsp;
How can I set up the VIP so the users don't get the login prompt and are authenticated the same as when they connect directly?&nbsp;
Thanks&nbsp;

amiles_377865 · Answer

Hello Frank,&nbsp;
Big-IP has a couple of different ways of configuring SSO, as you can see here.  All of these are enabled through F5's access policy module (APM). If you're fresh to APM, F5 has some excellent documentation here.&nbsp;
Feel free to ask if you have any follow-up questions,&nbsp;
Austin&nbsp;

frank_murray_3 · Answer

There is no APM-  just LTM&nbsp;

amiles_377865 · Answer

That definitely complicates the configuration. Check to see that you can't upgrade your license/provision APM on your LTM Big-IPs, as the configuration becomes much easier to implement. That being said, there does seem to be a precedent for SSO without APM that I found on this devcentral post here. I don't know if there are precedents for other auth systems, but perhaps by referencing the different auth systems you can come to a solution.

Forum Discussion

How to pass single sign-on credentials

3 Replies

Recent Discussions

Transaction looks successful but file not downloading

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

F5 loadbalancer not working

Related Content

APM Cookbook: Single Sign On (SSO) using Kerberos

Zero Trust building blocks - Leverage F5 NGINX Plus Single Sign-On (SSO) and F5 XC

Digest based Single-Sign-On

Apache mod_auth_tkt Single Sign On

OWASP Automated Threats - Credential Stuffing (OAT-008)