F5’s BIG-IP Access Policy Manager (APM) or Access Manager is a flexible, high-performance, centralized access management and security solution that delivers contextual, unified global access to your applications and network as well as to the Internet.
This Knowledge Base article provides step-by-step instructions for using Appdome to add F5 APM SSO to mobile apps, both Android and iOS.
We hope you find this knowledge base useful and enjoy using Appdome!
About Adding F5 APM SSO to Mobile Apps on Appdome
Appdome is a mobile integration platform as a service (iPaaS) that allows users to add a wide variety of features, SDKs and APIs to Android and iOS apps. Using a simple ‘click to add’ user interface, Appdome allows anyone to easily integrate F5 APM SSO to mobile apps – instantly, no code or coding required.
Using Appdome, there are no development or coding prerequisites. For example, there is no Appdome SDK, libraries, or plug-ins to implement. Likewise, there are no required infrastructure changes and no dependency on SAML, OAuth, OpenID Connect or any other authentication standard inside the app. The Appdome technology adds F5 APM SSO and relevant standards, frameworks and more to the app automatically, with no manual development work at all.
Using Appdome, mobile apps will use F5 APM SSO to authenticate users as if F5 APM SSO was natively coded to the app. Appdome for F5 APM SSO is compatible with mobile apps built in any development environment including Native Android and iOS apps, hybrid apps and non-native apps built in Xamarin, Cordova, and React Native, Ionic and more. This streamlines implementations, cuts development work, and ensures a guaranteed and consistent integration of F5 APM SSO to mobile apps.
The following diagram illustrates the Single-Sign-On flow within the app when integrating F5 APM as a cloud provider:
- The application sends a request to reach an unauthorized resource (protected by a gateway, AD, or the app server itself)
- The server protecting the resource responds with 401 or 30X response since the request is not authorized
- Appdome identifies the response for the protected resource and opens an internal Webview within the Fused App
- The internal Webview is opened on the F5 APM Hub URL
- The user can now authenticate using any authentication method the hub URL requires, during the authorization session, the cookies and authorization token are received
- The APM server redirects to the successful URI since the authorization succeeded
- Appdome identifies the successful URI redirect and closes the internal Webview, thus returning the view to the original app
- Once the app tries to reach the protected resource, Appdome will attach the authorization header or cookies to the outgoing request, the gateway will trust these credentials, and the app will reach the protected resource successfully
Prerequisites for using Appdome for F5 APM SSO
In order to use Appdome’s no code implementation of F5 Access Policy Manager SSO on Appdome, you’ll need:
- Appdome account
- Mobile App (.ipa for iOS, or .apk for Android)
- F5 APM Hub URL
- Authentication Successful URI
- APM Protected resource
- F5 Client ID
- F5 Token URL
- Signing Credentials (e.g., signing certificates and provisioning profile)
- For the authentication to succeed the following components need to be configured on the F5 Big-IP server:
- Resource Server
- Client Application
- OAuth Profile
If you these components are not configured on your F5 instance, see How to Configure an Oauth 2 Server in F5 BIG-IP.
How to Add F5 APM SSO to Mobile Apps on Appdome
Follow these step-by-step instructions to add F5 APM SSO to Any Mobile App:
Upload a Mobile App to Your Account
From the “Fuse” tab, Add F5 APM Identity
- Select the Fuse tab. Note: a blue underline will appear showing the step is active
- Select the Authentication category. Note: a blue highlight will appear showing the category is active.
- Click + Add Profile, and select F5 Access Policy Manager from the drop-down menu.
Configure your F5 Access Policy Manager bundle:
- You can Add specific URLs to apply the authentication to, or leave “all” to apply to all URLs accessed by the app.
- Enter the URL for your OAuth Server Authorization Endpoint
- Enter the URI for Redirect URI
If your deployment uses Open ID:
- Enable OpenID Authentication
- Enter the Client ID
- Enter the Token URL
- Enter the Client Secret (Optional)
- Add additional Scopes (Optional)
- Click Fuse My App
After Adding F5 APM SSO on Appdome
After you have added F5 APM SSO to any Mobile App on Appdome, there are a few additional steps needed to complete your mobile integration project.
Add Context™ to the Appdome-Fused App
Appdome is a full-featured mobile integration platform. Within Context™, Appdome users can brand the app, including adding a favicon to denote the new service added to the app.
For more information on the range of options available in Context™, please read this knowledge base article.
Sign the F5 APM-SSO enabled Appdome-Fused App (Required)
In order to deploy an Appdome-Fused app, it must be signed. Signing iOS app and Signing an Android app are easy using Appdome. Alternatively, you can use Private Signing, download your unsigned app and sign locally using your own signing methods.
Deploy the Appdome-Fused App to a Mobile Device
Once you have signed your Appdome-Fused app, you can download to deploy it using your distribution method of choice. For more information on deploying your Appdome-Fused apps, please read this knowledge base.
That is it – Enjoy Appdome for F5 Access Policy Manager SSO in your app!
How Do I Learn More?
If you have any questions around adding F5 APM SSO to mobile apps, please send them our way at firstname.lastname@example.org or via the chat window on the Appdome platform.