I've been asked to research the best path to provide SSO functionality
for our remote users to a few applications and I'm hoping someone can
help lead me to the best way to do that. First, I'll explain our

Public External IP Space:

Public DMZ IP Space:
-NAM SSL VPN external:

Private IP Space:
-NAM SSL VPN internal:
-App1 web server:
--App1 sub-app pool:
-App2 web server:

App1 and App2 both utilize our NDS LDAP for authentication and have a
simple username/password webform on their main page.
The sub-apps for app1 require users be internal or connected to our SSL
VPN for connectivity due to protocols being used and patient data.

Our SSL VPN is a protected resource by the AG.

The goal:
To have remote users log into the VPN, then enter a URL that takes them
to app1 (and another URL for app2) and logs them into the app
automatically. My understanding is that the Access Gateway's form fill
policies can do this, but I'm not sure how the routing would be feasible
so that the traffic would pass through the AG and push the form fill
policy to the app.

I've thought about adding another AG that sits on the internal network
just so we can use it for such activities, but I'm not sure if that's
the best way to go, or how to make sure session information passes from
one AG to the other.

Any suggestions or direction on how to best handle this would be much

