Manual Chapter: Creating a per-session policy for the SAML step-up authentication example
Applies To:
BIG-IP APM
- 15.0.1, 15.0.0
Here you create the per-session policy that
is used for the SAML step-up authentication example. The per-session policy presents a
logon page and uses Active Directory to authenticate users attempting to access
resources behind a virtual server.
- On the Main tab, click.
- Click Create to create a per-session policy:
  - Call it example_com.
  - Set Profile Type to LTM-APM.
  - Set Profile Scope to Profile.
  - Select the accepted languages.
  - Click Finished.
  The policy is listed in the Access Profiles (Per-Session Policies) list.
- In the Per-Session Policy column of the example.com policy, click Edit.
  The visual policy editor opens the per-session policy in a separate screen.
- In the policy, click (+) to add an item.
- From the Logon tab, select Logon Page then Add Item.
- Use default values for the Logon Page or customize it, then click Save. Click Help for details on the fields.
- On the right of the Logon Page, click (+) and from the Authentication tab, select AD Auth then Add Item.
- In the popup, for Server, select the previously configured Active Directory server, use the default values for the rest of the fields, and click Save.
- In the policy, click one of the Deny endings and change it to Allow.
You created a per-session policy that
authenticates users at the edge of the network with a login page and Active Directory
authentication. The per-session policy you created looks like this:
Next, create the per-request policy where the
system performs additional, SAML step-up authentication on requests for sensitive
information.