Forum Discussion

Cirrocumulus

Sep 08, 2022

Solved

ADFS Proxy, APM, ASM Craziness

Hi, We've been doing some testing recently with using the APM Proxy for ADFS which is basically a check box in the APM section of a virtual server that allows one to establish a trust with the ADFS ...

application delivery

security

Nikoolayy1
Nov 04, 2022
Ah got it as it seems like some guided configs F5 is using an internal iApp LX based on node js to make this magic and probably 404 is configured there.

Nikoolayy1

MVP

Oct 10, 2022

I created a test adfs config and I take my words back as by default the ADFS config shouldn't provide any URL protections but if you modified it and if the ASM/Advanced WAF is the one doing this as it could block without returning custom page if someone has made it so.

ADFS config with APM authentication and F5 SMS OTP:

JustCooLpOOLe

Cirrocumulus

Nov 03, 2022

We're working with support on this issue but there is no APM policy that is in use for ADFS. We are using the ADFS Trust portion that shows on a Virtual Server where you enter in Domain Admin creds to establish the trust and a certificate is autorenewed with the ADFS servers. That's where you see that anything which does not include a "/adfs" is presented with a 404. No ASM policy is in play.

Nikoolayy1
MVP
Nov 04, 2022
Ah got it as it seems like some guided configs F5 is using an internal iApp LX based on node js to make this magic and probably 404 is configured there.
- JustCooLpOOLe
  Cirrocumulus
  Nov 10, 2022
  Definitely a nice feature but if you're trying to put an AWAF policy in front, the violations are never triggered. Looking into having a virtual server placed in front of the ADFS virtual server but that is challenging too
  - WAQAR_IRSHAD
    Nimbostratus
    Dec 12, 2022
    Hi
    I am in planning stage to configure same scenario asm infront of adfs, kindly may you guide me the challenges you are encountring?