Form SSO profiles

To enable and configure forms-based SSO, you first create an SSO profile.

Note

  • Forms-based single sign-on does not work if the form is customized to include Javascript.
  • In this feature, the terms “profile” and “action” mean the same thing.

To create a form SSO profile by using the command line interface

At the command prompt, type:

  • add tm formSSOAction <name> -actionURL <URL> -userField <string> -passwdField <string> -ssoSuccessRule <expression> [-nameValuePair <string>] [-responsesize <positive_integer>][-nvtype ( STATIC | DYNAMIC )][-submitMethod ( GET | POST )]
  • show tm formSSOAction [<name>]

Example

add tm formSSOAction SSO-Prof-1 -actionURL "/logon.php"
-userField "loginID" -passwdField "passwd"
-nameValuePair "loginID passwd" -responsesize "9096"
-ssoSuccessRule "HTTP.RES.HEADER("Set-Cookie").CONTAINS("LogonID")"
-nvtype STATIC -submitMethod GET
–sessTimeout 10 -defaultAuthorizationAction ALLOW

To modify a form SSO by using the command line interface

At the command prompt, type:

set tm formSSOAction <name> -actionURL <URL> -userField <string> -passwdField <string> -ssoSuccessRule <expression> [-nameValuePair <string>] [-responsesize <positive_integer>][-nvtype ( STATIC | DYNAMIC )][-submitMethod ( GET | POST )]

Example


set tm formSSOAction SSO-Prof-1 -actionURL "/logon.php"
-userField "loginID" -passwdField "passwd"
-ssoSuccessRule "HTTP.RES.HEADER("Set-Cookie").CONTAINS("LogonID")"
-nameValuePair "loginID passwd" -responsesize "9096"
-nvtype STATIC -submitMethod GET
–sessTimeout 10 -defaultAuthorizationAction ALLOW

To remove a form SSO profile by using the command line interface

At the command prompt, type:

rm tm formSSOAction <name>

Example

rm tm sessionAction SSO-Prof-1

To configure form SSO profiles by using the configuration utility

  1. Navigate to Security > AAA - Application Traffic > Policies > Traffic.
  2. In the details pane, click the Form SSO Profiles tab.
  3. On the Form SSO Profiles tab, do one of the following:
    • To create a new form SSO profile, click Add.
    • To modify an existing form SSO profile, select the profile, and then click Edit.
  4. In the Create Form SSO Profile or Configure Form SSO Profile dialog, specify values for the parameters:
    • Name*—name (Cannot be changed for a previously configured session action.)
    • Action URL*—actionURL
    • User Name Field*—userField
    • Password Field*—passField
    • Expression*—ssoSuccessRule
    • Name Value Pair—nameValuePair
    • Response Size—responsesize
    • Extraction—nvtype
    • Submit Method—submitMethod
  5. Click Create or OK, and then click Close. The form SSO profile that you created appears in the Traffic Policies, Profiles, and Form SSO Profiles pane.