Forum Discussion
The-messenger_1
Nimbostratus
NimbostratusActiveSync Client Cert Auth - no password prompt
I've seen a few threads, tagged on to some of them, but still no real solid answers. I would like to know the recommended / best config to implement client certificate authentication for ActiveSync....
Configure 2nd iApp for EAS, keep iRules, attached 'exchange' profile. The APM docs on AskF5 outline on-demand cert auth: https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-single-sign-on-12-0-0/17.htmlconceptid. The proper APM profile should handle clientless mode.
Configure 2nd iApp for EAS, keep iRules, attached 'exchange' profile. The APM docs on AskF5 outline on-demand cert auth: https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-single-sign-on-12-0-0/17.htmlconceptid. The proper APM profile should handle clientless mode.
The-messenger
Cirrostratus
CirrostratusThanks Fred!
I have done as you suggest. Configured second iapp with ActiveSync specific selections. Configured ClientSSL profile adding the client authentication information. prior to this I configured our AD Certificate Authority In the Access profile, I have added a client cert inspection branch before the logon page.
Airwatch sends the cert/payload, APM checks for a valid cert, sends on the next step in the policy. iOS and Android devices are checking successfully.
Works great!