Applies To:
Show VersionsBIG-IP APM
- 11.6.5, 11.6.4, 11.6.3, 11.6.2, 11.6.1
About HTTP AAA server authentication
An HTTP AAA server directs users to an external web-based server to validate credentials. Access Policy Manager (APM) supports these HTTP authentication types:
- HTTP basic authentication - Directs users to a URI
- HTTP NTLM authentication - Directs users to a URI
- HTTP form-based authentication - Directs users to a form action URL and provides the specified form parameters
- HTTP custom post - Directs users to a POST URL, a submit URL, or a relative URL and provides the specified content
Task summary for HTTP authentication
To set up this configuration, you must first configure one HTTP AAA server that supports the type of authentication that you want: HTTP Basic/NTLM, form-based, or custom post. After you configure an HTTP AAA server, you must add an HTTP Auth action to an access policy and specify the HTTP AAA server that supports the authentication type that you want to use.
Task list
Configuring an AAA server for HTTP Basic/NTLM authentication
Configuring an HTTP AAA server for form-based authentication
Configuring an HTTP AAA server for custom post authentication
Creating an access profile
Using HTTP authentication in an access policy
Overview: Configuring HTTPS authentication
You can configure HTTP AAA authentication to use server-side SSL (HTTPS). To set up this configuration, you must first configure one HTTP AAA server that supports the type of authentication that you want to use: HTTP Basic/NTLM, form-based, or custom post.
HTTP AAA server configuration notes
Configure the HTTP AAA server so that in the Start URI or Form Action field you use:- The http scheme (not https)
- The host name of the external HTTP server (rather than the IP address)
Virtual server configuration notes
Configure the virtual server to use the host name of the external HTTP server; this is the same host name as used in the HTTP AAA server configuration.
DNS configuration notes
The DNS configuration on the BIG-IP system must send traffic to the virtual server instead of the external HTTP server.
Task summary
Before you start these tasks, configure an HTTP AAA server.