F5 Identity and Access Management Solutions

Contents:

  • 100 Series: Zero Trust Application Access (ZTAA)
  • 200 Series: Assisted Deployment Use Cases
  • 300 Series: Advanced Use Cases & Solutions
  • Archived Identity & Access Management Labs
    • 100 Series: Access Foundational Concepts
      • 101 - Intro to Access Foundational Concepts
      • 102- Access Building Blocks
      • 103- Webtop Features
    • 100 Series: Access Foundational Concepts
    • Class 2: OAuth Federation with F5
    • 200 Series: Assisted Deployment Use Cases
    • Class 3: SWG - Securing Outbound Internet Access
    • 300 Series: Advanced Use Cases & Solutions
    • 400 Series: Access Automation
    • 500 Series: Troubleshooting
    • Class 6: Federating Common Services
    • Class 7: Introduction to Universal Access
    • Class 9: Multi-Factor Auth for Cloud Applications
On this page:
  • Lab 1: Webtop Links
    • Task 1 - Setup Lab Environment
    • Task 2 - Create a Webtop
    • Task 3 - Create a webtop Link Resource
    • Task 4 - Add a Webtop Resource to an existing Policy
    • Task 5 - Test the Configuration
    • Task 9 - Lab Cleanup
F5 Identity and Access Management Solutions > Archived Identity & Access Management Labs > 100 Series: Access Foundational Concepts Source | Edit on

Version notice:

Lab 1: Webtop Links¶

A full webtop provides an access policy ending for an access policy branch to which you can optionally assign portal access resources, app tunnels, remote desktops, and webtop links, in addition to network access tunnels.

In this lab you will explore how to create a Webtop Link resource that will enable an administrator to add bookmarks to commonly used Webpages that do not require rewriting. Webtop links point to external sites or even other sites hosted and protected by BIG-IP APM Virtual Servers.

Task 1 - Setup Lab Environment¶

To access your dedicated student lab environment, you will require a web browser and Remote Desktop Protocol (RDP) client software. The web browser will be used to access the Lab Training Portal. The RDP client will be used to connect to the Jump Host, where you will be able to access the BIG-IP management interfaces (HTTPS, SSH).

  1. Click DEPLOYMENT located on the top left corner to display the environment

  2. Click ACCESS next to jumpohost.f5lab.local

    image001

  3. Select your RDP resolution.

  4. The RDP client on your local host establishes a RDP connection to the Jump Host.

  5. Login with the following credentials:

    • User: f5lab\user1
    • Password: user1

  6. After successful logon the Chrome browser will auto launch opening the site https://portal.f5lab.local. This process usually takes 30 seconds after logon.

  7. Click the Classes tab at the top of the page.

    image002

  8. Scroll down the page until you see 102 Webtop Features on the left

    image003

  9. Hover over tile Webtop Links. A start and stop icon should appear within the tile. Click the Play Button to start the automation to build the environment

    image004 image005

  10. The screen should refresh displaying the progress of the automation within 30 seconds. Scroll to the bottom of the automation workflow to ensure all requests succeeded. If you experience errors try running the automation a second time or open an issue on the Access Labs Repo.

    image006

Task 2 - Create a Webtop¶

  1. From a browser navigate to https://bigip1.f5lab.local

  2. Login with username admin and password admin

    image009

  3. Navigate to Access >> Webtops >> Webtop Lists >> click the Plus Sign(+).

    image010

  4. Enter the Name full-webtop

  5. From the Type dropdown menu select Full

  6. Click Finished.

    image011

Task 3 - Create a webtop Link Resource¶

  1. Navigate to Access > Webtops > Webtop Links >> click the Plus Sign(+).

    image012

  2. Enter the Name F5

  3. From the Link Type dropdown menu select Application URI

  4. Enter the Application URI https://www.f5.com

  5. Enter the Caption F5

  6. Click Finished

    image013

Task 4 - Add a Webtop Resource to an existing Policy¶

  1. Navigate to Access > Profiles / Policies > Access Profiles (Per-Session Policies),

    image014

  2. Click on Edit for webtop-psp.

    image015

  3. Click the Plus Sign(+) in between the AD Auth policy item and the Allow Terminal .

    image016

  4. Click on the Assignment Tab

  5. Select the Advanced Resource Assign radio button

  6. Click Add Item

    image017

  7. Click the Add New Entry button.

  8. Click the Add/Delete button

    image018

  9. Click on the Webtop Links tab

  10. Select the radio button for /Common/F5

    image019

  11. Click on the Webtop tab

  12. Select the radio button for /Common/full-webtop

  13. Click the Update button at the bottom of the screen.

    image020

  14. Click Save.

    image021

  15. At the top left of the browser window, click on Apply Access Policy

    image022

Task 5 - Test the Configuration¶

  1. Open a New Incognito web browser and navigate to https://webtop.acme.com.

  2. Enter the following credentials:

    Username: user1
    Password: user1

  3. Click Logon.

    image023

    Note

    This will open the APM landing page that shows the resources you are allowed to access. In this lab, we’ve only configured a single resource but you can add as many as you want and they will appear on this Webtop page.

  4. Click the F5 Resource on the webtop

    image024

  5. You are redirected to the https://www.f5.com website.

image025

Task 9 - Lab Cleanup¶

  1. From a browser on the jumphost navigate to https://portal.f5lab.local

  2. Click the Classes tab at the top of the page.

    image002

  3. Scroll down the page until you see 102 Webtop Features on the left

    image003

  4. Hover over tile Webtop Links. A start and stop icon should appear within the tile. Click the Stop Button to trigger the automation to remove any prebuilt objects from the environment

    image004 image007

  5. The screen should refresh displaying the progress of the automation within 30 seconds. Scroll to the bottom of the automation workflow to ensure all requests succeeded. If you experience errors try running the automation a second time or open an issue on the Access Labs Repo.

    image008

  6. This concludes the lab.

    image000

Previous Next