Applies To:Show Versions
- 15.0.1, 15.0.0, 14.1.2, 14.1.0
About AAA server
- An APM AAA server configuration object that specifies information about the external AAA server.
- An access policy that includes a logon item to obtain credentials and an authentication item that uses the credentials to authenticate against a specific AAA server.
About AAA high
- An APM AAA server configuration object that specifies a pool of external AAA servers.
- An access policy that includes a logon item to obtain credentials and an authentication item that uses the credentials to authenticate against one of the servers in the pool.
About AAA and load balancing
About AAA traffic and
About APM support for
multiple authentication types
About APM certificate
- SSL handshake verification and certificate revocation status
- APM supports verifying the SSL handshake that occurs at the start of a session or renegotiating the SSL handshake and checking it on demand. A typical configuration includes:
If the client SSL profile specifies a certificate revocation list, the access policy item verifies against it.
- An access policy that includes a certificate-related access policy item, either Client Cert Inspection or On-Demand Cert Auth.
- A client SSL profile configured per the requirements of Client Cert Inspection or On-Demand Cert Auth.
- Certificate revocation status with OCSP or CRLDP
- APM also supports verifying client certificate revocation status with an Online Certificate Status Protocol (OCSP) AAA server or with a Certificate Revocation List Distribution Point (CRLDP) AAA server. A typical configuration includes:
- An AAA server configured to point to an external server (OCSP Responder or CRLDP).
- An access policy that includes either a Client Cert Inspection or an On-Demand Cert Auth access policy item and the appropriate authentication item (OCSP Auth or CRLDP Auth).
- A client SSL profile configured per the requirements of Client Cert Inspection or an On-Demand Cert Auth.
About SSL certificates on the BIG-IP system
About local user
- A local user database that you create and populate using the Configuration utility.
- An access policy that includes a local user database authentication item.
About guest access
(one-time password) support
- An SMTP server for sending email or an HTTP AAA server for sending a text message.
- An access policy that includes items to generate a one-time password (OTP), send the generated password to a user, enable the user to log on, and verify the OTP that the user enters.
About authentication for Microsoft Exchange clients
Additional resources and documentation for BIG-IP Access Policy Manager
BIG-IP Access Policy Manager: Application Access
This guide contains information for an administrator to configure application tunnels for secure, application-level TCP/IP connections from the client to the network.
BIG-IP Access Policy Manager: Authentication Essentials
This guide contains information to help an administrator understand authentication concepts, such as AAA server, SSL certificate, local user database, and so on.
BIG-IP Access Policy Manager: Authentication Methods
This guide contains information describes different types of authentication, including Active Directory, LDAP and LDAPS, RSA SecurID, RADIUS, OCSP, CRLDP, Certificate, TACACS+, and so on.
BIG-IP Access Policy Manager: OAuth Concepts and Configuration
This guide describes OAuth concepts and explains how to configure the system to use OAuth authorization servers, resource servers, and other examples.
BIG-IP Access Policy Manager: SAML Configuration
This guide introduces SAML concepts and provides several examples using APM as a SAML IdP, as a SAML service provider, and others.
BIG-IP Access Policy Manager: Single Sign-On Concepts and Configuration
This guide describes how to configure different types of single sign-on methods, such as HTTP basic, HTTP forms-based, NTLMV1, NTLMV2, Kerberos, OAuth Bearer.
BIG-IP Access Policy Manager: Customization
This guide provides information about using the APM customization tool to provide users with a personalized experience for access policy screens, and errors. An administrator can apply your organization's brand images and colors, change messages and errors for local languages, and change the layout of user pages and screens.
BIG-IP Access Policy Manager: Edge Client and Application Configuration
This guide contains information for an administrator to configure the BIG-IP system for browser-based access with the web client as well as for access using BIG-IP Edge Client and BIG-IP Edge Apps. It also includes information about how to configure or obtain client packages and install them for BIG-IP Edge Client for Windows, Mac, and Linux, and Edge Client command-line interface for Linux.
BIG-IP Access Policy Manager: Implementations
This guide contains implementations for synchronizing access policies across BIG-IP systems, hosting content on a BIG-IP system, maintaining OPSWAT libraries, configuring dynamic ACLs, web access management, and configuring an access policy for routing.
BIG-IP Access Policy Manager: Network Access
This guide contains information for an administrator to configure APM Network Access to provide secure access to corporate applications and data using a standard web browser.
BIG-IP Access Policy Manager: Portal Access
This guide contains information about how to configure APM Portal Access. In Portal Access, APM communicates with back-end servers, rewrites links in application web pages, and directs additional requests from clients back to APM.
BIG-IP Access Policy Manager: Secure Web Gateway
This guide contains information to help an administrator configure Secure Web Gateway (SWG) explicit or transparent forward proxy and apply URL categorization and filtering to Internet traffic from your enterprise.
BIG-IP Access Policy Manager: Third-Party Integration
This guide contains information about integrating third-party products with Access Policy Manager (APM). It includes implementations for integration with VMware Horizon View, Oracle Access Manager, Citrix Web Interface site, and so on.
BIG-IP Access Policy Manager: Visual Policy Editor
This guide contains information about how to use the visual policy editor to configure access policies.
Release notes contain information about the current software release, including a list of associated documentation, a summary of new features, enhancements, fixes, known issues, and available workarounds.
Knowledge base articles are responses and resolutions to known issues, additional configuration instructions, and how-to information.