Lab 6 – BASIC Authentication

In this lab, we will show you how to configure basic authentication leveraging the SSO functionality of APM.


Lab Requirements:

  • BIG-IP with APM licensed and activated
  • Server running AD and Web services
  • Local Host file entries on the Jump Host

Task – Create a Pool

  1. Browse to Local Traffic > Pools and click the ‘+’ next to Pools List to create a new pool.

  2. Name the pool “basic_pool

  3. Assign the monitor “http” by selecting the monitor and moving it to the left.

  4. Add the following “New Member/Node” to the pool and click Finished:

    • Node Name: basic, Address:, Service Port: 80


Task 2: Create a Virtual Server

  1. Browse to Local Traffic > Virtual Servers and click the ‘+’ next to Virtual Server List to create a new one.

  2. Use the following information to create the virtual server and leave other settings as default, then click Finished:

    • Name the pool “basic_vs

    • Destination Address:

    • Service Port: 443

    • HTTP Profile: http

    • SSL Profile (Client): f5demo

    • Source Address Translation: Auto Map

    • Default Pool: basic_pool

Task 3: Testing without APM

Observe the current behavior of the login page without APM authentication.

  1. Open a private browsing window and go to You should receive a prompt that looks similar to the following screen shot:


  2. Enter the following credentials:

    • Username: user
    • Password: Agility1
  3. Once successfully logged in you will see a webpage similar to this one:


  4. Close the private browsing window.

Task 4: Create Access Policy to use with Basic Authentication

  1. Open the Wizards > Device Wizards page.

    1. Select Web Application Access Management for Local Traffic Virtual Servers


    2. Click Next

  2. Click Next for Option 1 on the Configuration Options page


  3. Configure Basic Properties for the policy

    1. For Policy Name enter Basic_Access_Policy

    2. Uncheck “Enable Antivirus Check in Access Policy”


    3. Click Next

  4. Configure Authentication type used for policy

    1. Select Use Existing for the “Authentication Options”

    2. Select Lab_SSO_AD_Server::Active Directory


    3. Click Next

  5. Configure SSO

    1. Select Create New for the “SSO Options”

    2. Choose HTTP Basic

    3. Click Next


  6. Configure Virtual Server

    1. Select Use Existing HTTPS Server

    2. Choose /Common/basic_vs for the Virtual Server**


    3. Click Next

  7. Review configuration and click Next

  8. Review the “Setup Summary”, which shows all (existing and new) objects associated with this new policy.

  9. Click Finished

  10. Add a logout URI Include to the new access policy

    1. Open the Access > Profiles / Policies > Access Profiles (Per-Session Policies) page

    2. Click on the name of the new policy Basic_Access_Policy

    3. Add/Home/Logout” to “Logout URI Include”

    4. Change Logout URI Timeout to 1 second


    5. Click Update

  11. Enable the SSO Configuration

    1. Click on the SSO / Auth Domains tab

    2. For SSO Configuration, select Basic_Access_Policy_sso


    3. Click Update

Task 5: Applying Access Policy

After you create or change an access policy, the link Apply Access Policy appears in yellow at the top left of the BIG-IP Configuration utility screen. You must click this link to activate the access policy for use in your configuration.


  1. Click the Apply Access Policy link, which will bring you to the Apply Access Policy screen, with a list of access policies that have been changed.

  2. Select the Access Policy and click the Apply button (by default, all access policies that are new or changed are selected).


    After you apply the access policy, the Access Profiles list screen is displayed.

Task 6: Testing with APM Authentication

Observe the behavior of the login page with authentication enforced by APM.

  1. Open a private browsing window and go to You should see a page that looks like the following:


  2. Logon with the following credentials:

    Username: user

    Password: Agility1

    Once successfully logged in you will see the same web page observed in task 3:


Task 7: Testing Logout

Earlier in Task 3, Step 9, we defined a Logout URI Include for this Access Policy. This is a list of logoff URIs that the access profile searches for in order to terminate the Access Policy Manager session. The URI we used was /Home/Logout, and the default logout delay is 5 seconds which was modified to 1 second.

  1. Click the Logout link located at the top right of the web pagee
  2. Wait 1 second
  3. Click the “App #1” link in the banner at the top of the page
  4. You should be redirected back to the F5 logon page