SAML version 2.0 in BIG-IQ® Centralized Management specifies an SSO profile that involves exchanging information among an identity provider (IdP), a service provider (SP), and a user. The IdP can be any SSO service offering SAML authentication services.
BIG-IQ® Centralized Management® supports the following SSO authentication methods.
| SSO method | Description |
|---|---|
| HTTP Basic | BIG-IQ uses the cached user identity and sends the request with the authorization header. This header contains the token |
| HTTP Forms | Upon detection of the start URL match, BIG-IQ uses the cached user identity to construct and send the HTTP form-based POST request on behalf of the user. |
| HTTP NTLM Auth v1 | NTLM employs a challenge-response mechanism for authentication, where users can prove their identities without sending a password to the server. |
| HTTP NTLM Auth v2 | NTLM employs a challenge-response mechanism for authentication, where users can prove their identities without sending a password to the server. This version is an update to NTLM v1. |
| Kerberos | This provides transparent authentication of users to Windows web application servers (IIS) joined to an Active Directory domain. It is used when IIS servers request Kerberos authentication; this SSO mechanism allows the user to get a Kerberos ticket and have BIG-IQ present it transparently to the IIS application. |
| OAuth bearer | You create an OAuth bearer SSO configuration when you want to allow single sign-on using an OAuth token that BIG-IQ has obtained or validated from an external OAuth authorization server. |
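
To make the contrast between the HTTP Basic and NTLM rows concrete, the following added example (not F5 or BIG-IQ code) shows that a Basic authorization header decodes straight back to the credentials, while a challenge-response exchange sends only a proof bound to a server nonce. The HMAC-SHA-256 scheme, the function names and the sample credentials are assumptions made for illustration; this is a simplified stand-in, not the NTLM algorithm itself.

```python
import base64
import hashlib
import hmac
import os

# Constructed sample credentials for this example only.
USER, PASSWORD = "alice", "correct horse"


def basic_header(user: str, password: str) -> str:
    """HTTP Basic (RFC 7617): 'Basic ' + base64(user:password)."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"


def recover_from_basic(header: str) -> tuple:
    """What any party that sees the header can do: decode it, no key needed."""
    scheme, token = header.split(" ", 1)
    if scheme.lower() != "basic":
        raise ValueError("not a Basic authorization header")
    user, _, password = base64.b64decode(token).decode().partition(":")
    return user, password


def derive_key(password: str) -> bytes:
    """Assumed stand-in for the password-derived key both sides hold."""
    return hashlib.sha256(password.encode()).digest()


def client_response(password: str, challenge: bytes) -> bytes:
    """Client proves knowledge of the password by keying an HMAC over the nonce."""
    return hmac.new(derive_key(password), challenge, hashlib.sha256).digest()


def server_verify(stored_key: bytes, challenge: bytes, response: bytes) -> bool:
    """Server recomputes the proof for the challenge it issued and compares."""
    expected = hmac.new(stored_key, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    header = basic_header(USER, PASSWORD)
    print(header, "->", recover_from_basic(header))
    challenge = os.urandom(8)  # fresh server nonce
    resp = client_response(PASSWORD, challenge)
    key = derive_key(PASSWORD)
    print("valid for issued challenge:", server_verify(key, challenge, resp))
    print("accepted for a new challenge:", server_verify(key, os.urandom(8), resp))
```

Because the Basic header is reversible, an SSO configuration that uses it relies entirely on the transport (TLS) between BIG-IQ and the back-end server to protect the cached credentials.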
You configure an SSO profile to set up the BIG-IQ system for single sign-on.