Forum Discussion

Cirrocumulus

Sep 08, 2022

ADFS Proxy, APM, ASM Craziness

Hi, We've been doing some testing recently with using the APM Proxy for ADFS which is basically a check box in the APM section of a virtual server that allows one to establish a trust with the ADFS ...

application delivery

security

Nikoolayy1
Nov 04, 2022
Ah got it as it seems like some guided configs F5 is using an internal iApp LX based on node js to make this magic and probably 404 is configured there.

JustCooLpOOLe

Cirrocumulus

We're working with support on this issue but there is no APM policy that is in use for ADFS. We are using the ADFS Trust portion that shows on a Virtual Server where you enter in Domain Admin creds to establish the trust and a certificate is autorenewed with the ADFS servers. That's where you see that anything which does not include a "/adfs" is presented with a 404. No ASM policy is in play.

Nikoolayy1

MVP

Nov 04, 2022

Ah got it as it seems like some guided configs F5 is using an internal iApp LX based on node js to make this magic and probably 404 is configured there.

JustCooLpOOLe
Cirrocumulus
Nov 10, 2022
Definitely a nice feature but if you're trying to put an AWAF policy in front, the violations are never triggered. Looking into having a virtual server placed in front of the ADFS virtual server but that is challenging too
- WAQAR_IRSHAD
  Nimbostratus
  Dec 12, 2022
  Hi
  I am in planning stage to configure same scenario asm infront of adfs, kindly may you guide me the challenges you are encountring?
  - JustCooLpOOLe
    Cirrocumulus
    Dec 12, 2022
    We ended up putting a virtual server for the AWAF policy and then sending it back to the ADFS virtual server.
    Traffic -> AWAF VIP -> ADFS VIP
    It would prefer if we could do everything on one VS but since APM is evaluated before AWAF, no violations will be triggered. One day F5 may re-evalute it but today is not that day...haha.