Case Management

MY PRODUCTS & PLANS

Subscriptions

Product Usage

Trials

Registration Keys

Resources
Downloads
Licensing
Activate F5 product registration key
Ihealth
Verify the proper operation of your BIG-IP system

F5 University
Get up to speed with free self-paced courses
Devcentral
Join the community of 300,000+ technical peers

F5 Certification
Advance your career with F5 Certification
Product Manuals
Product Manuals and Release notes

Manual Chapter : Configuring Single Sign-On with Access Policy Manager

Applies To:

Show Versions

Show Versions

BIG-IP APM

14.0.1, 14.0.0

Authentication Concepts

Active Directory Authentication

Active Directory Query

LDAP and LDAPS Authentication

LDAP Query

RSA SecurID Authentication

RADIUS Authentication

RADIUS Accounting

Kerberos Authentication with End-User Logons

NTLM Authentication for Microsoft Exchange Clients

HTTP Basic Authentication for Microsoft Exchange Clients

HTTP and HTTPS Authentication

Local User Database

OCSP Authentication

CRLDP Authentication

On-Demand Certificate Authentication

Client Certificate Inspection

One-Time Password Authentication

TACACS+ Authentication and Accounting

APM ActiveSync Limit

APM High Availability and Upgrade

Configuring Single Sign-On with Access Policy Manager

Single Sign-On Methods

Form-Based Client-Initiated Single Sign-On Method

Kerberos Single Sign-On Method

Single Sign-On and Multi-Domain Support

Common Deployment Examples for Single Sign-On

Introducing Access Policy Manager SAML Support

Using APM as a SAML IdP (SSO portal)

Using APM as a SAML IdP (no SSO portal)

Using APM as a SAML Service Provider

Using BIG-IP IdP Automation

BIG-IP System Federation for SP-Initiated Connections

BIG-IP System Federation for SP- and IdP-Initiated Connections

OAuth Overview

OAuth Client and Resource Server

OAuth Authorization Server

Logging and Reporting

Legal Notices

Configuring Single Sign-On with Access Policy Manager

What is Single Sign-On?

Access Policy Manager provides a Single Sign-On (SSO) feature that leverages the credential caching and credential proxying technology.

Credential caching and proxying

is a two-phase security approach that asks users to enter their credentials once to access their secured web applications. By leveraging this technology, users request access to the secured back-end web server. After that occurs, Access Policy Manager creates a user session and collects the user identity based on the access policy. When the access policy completes successfully, the user identity is saved (cached) in a session database. Access Policy Manager subsequently reuses the cached identity to seamlessly log the user into the secured web applications, thus providing the user with a single sign-on experience.

The Single Sign-On (SSO) feature provides the following benefits:

Eliminates the need to administer and maintain multiple user logins

Eliminates the need for users to enter their credentials multiple times.