Manual Chapter :
Single Sign-On
Applies To:
BIG-IQ Centralized Management
- 6.0.0
About SSO profiles
SAML version 2.0 in BIG-IQ® Centralized Management specifies an SSO profile that involves exchanging information among an identity provider (IdP), a service provider (SP), and a user. The IdP can be any SSO service offering SAML authentication services.
What are the supported SSO methods?
BIG-IQ® Centralized Management® supports the following SSO authentication methods.
SSO method | Description |
---|---|
HTTP Basic | BIG-IQ uses the cached user identity and sends the request with the authorization header. This header contains the token Basic and the base64 encoding of the user name, colon, and the password. |
HTTP Forms | Upon detection of the start URL match, BIG-IQ uses the cached user identity to construct and send the HTTP form-based post request on behalf of the user. |
HTTP Forms - Client Initiated | Upon detection of the request for the logon page (URI, header, or cookie that is configured for matching the request), BIG-IQ generates JavaScript code, inserts it into the logon page, and returns the logon page to the client, where it is automatically submitted by the inserted JavaScript. BIG-IQ processes the submission and uses the cached user identity to construct and send the HTTP form-based post request on behalf of the user. |
HTTP NTLM Auth v1 | NTLM employs a challenge-response mechanism for authentication, where the users can prove their identities without sending a password to the server. |
HTTP NTLM Auth v2 | NTLM employs a challenge-response mechanism for authentication, where the users can prove their identities without sending a password to the server. This version of NTLM is an updated version from NTLM v1. |
Kerberos | This provides transparent authentication of users to Windows Web application servers (IIS) joined to an Active Directory domain. It is used when IIS servers request Kerberos authentication; this SSO mechanism allows the user to get a Kerberos ticket and have BIG-IQ present it transparently to the IIS application. |
OAuth bearer | You create an OAuth bearer SSO configuration when you want to allow single sign-on using an OAuth token that BIG-IQ has obtained or validated from an external OAuth authorization server. |
Configure an SSO profile
You configure an SSO profile to set up the BIG-IQ system for single sign-on.
The new SSO profile displays in the SSO Profiles list.
Create an NTLMV1 SSO configuration
Configure NTLM authentication to employ a challenge-response mechanism for authentication, where the users can prove their identities without sending a password to a server.
The NTLMV1 SSO object is created, and displays in the NTLMV1 list.
Create an NTLMV2 SSO configuration
The NTLM authentication method employs a challenge-response mechanism for authentication, where the users can prove their identities without sending a password to a server.
The NTLMV2 SSO object displays in the NTLMV2 list.
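The challenge-response idea described above, sketched with the NTLMv2 proof computation as an added example (not F5 or BIG-IQ code). The 16-byte NT hash is a constructed sample, the user and domain names are assumptions, and the client blob is simplified to a random client challenge.

```python
import hashlib
import hmac
import os

# Constructed 16-byte NT hash standing in for MD4(UTF-16LE(password)); MD4 is
# often unavailable in modern hashlib builds, so the hash is supplied directly.
SAMPLE_NT_HASH = bytes.fromhex("00112233445566778899aabbccddeeff")


def ntowf_v2(nt_hash: bytes, user: str, domain: str) -> bytes:
    """NTLMv2 key: HMAC-MD5(NT hash, UPPER(user) + domain), names in UTF-16LE."""
    identity = (user.upper() + domain).encode("utf-16-le")
    return hmac.new(nt_hash, identity, hashlib.md5).digest()


def client_response(nt_hash, user, domain, server_challenge, blob):
    """Client side: proof = HMAC-MD5(key, server_challenge + blob)."""
    key = ntowf_v2(nt_hash, user, domain)
    return hmac.new(key, server_challenge + blob, hashlib.md5).digest()


def server_verify(stored_hash, user, domain, server_challenge, blob, proof):
    """Server side: recompute from the stored hash, compare in constant time."""
    expected = client_response(stored_hash, user, domain, server_challenge, blob)
    return hmac.compare_digest(expected, proof)


def run_exchange(client_hash: bytes, stored_hash: bytes) -> bool:
    """One logon: the server issues 8 random bytes, the client returns a proof."""
    server_challenge = os.urandom(8)  # sent to the client in the challenge message
    blob = os.urandom(8)              # simplified: client challenge only
    proof = client_response(client_hash, "alice", "EXAMPLE", server_challenge, blob)
    return server_verify(stored_hash, "alice", "EXAMPLE", server_challenge, blob, proof)


if __name__ == "__main__":
    print("correct secret accepted:", run_exchange(SAMPLE_NT_HASH, SAMPLE_NT_HASH))
    print("wrong secret accepted:  ", run_exchange(bytes(16), SAMPLE_NT_HASH))
```

The password never crosses the wire, but the proof is computed from the NT hash alone, so a stored or cached hash needs the same protection as the password itself.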
Create an HTTP Basic SSO configuration
With the HTTP Basic method of authentication, the SSO plug-in uses the cached user identity and sends the request with the authorization header. This header contains the Basic token and the base64-encoding of the user name, colon, and the password.
The HTTP basic SSO object displays in the HTTP Basic SSO list.
Create an HTTP form-based SSO configuration
With the HTTP forms method of authentication, upon detection of the start URL match, the SSO plug-in uses the cached user identity to construct and send the HTTP form-based POST request on behalf of the user.
The HTTP form-based SSO object displays in the Form Based list.
Create an HTTP Forms client-initiated SSO configuration
The HTTP forms client-initiated authentication method supports web applications that run JavaScript in the browser and need to maintain application state during the logon process, and web applications that present multiple logon screens.
The HTTP form client-initiated object displays in the HTTP FormS-Client Initiated list.
Create an OAuth bearer SSO configuration
You create an OAuth bearer SSO configuration when you want to allow single sign-on using an OAuth token that BIG-IQ has obtained or validated from an external OAuth authorization server.
The OAuth bearer object displays in the OAuth Bearer list.