Forum Discussion

Nimbostratus

Jun 22, 2015

APM Policy Error when logging in "Session cannot be established"

I am having an issue with APM I am hoping someone can help me with. I currently have a fairly basic policy setup using an external logon page. It then checks two domains to see if the user is part of...

access policy

BIG-IP Access Policy Manager (APM)

redirect

security

Stanislas_Piro2

Cumulonimbus

Jun 22, 2015

Are you sure external logon page POST is working? Did you change "Max Logon Attempts Allowed" to 1 to go through fallback if the user does not exist in the first AD? What is the format of username?

username (SAMAccountName)
Domain\user
username@fqdndomain (userprincipalname)

if provided username is not SAMAccountName, the better way is to define branches in the external logon page with expression like:

expr { [mcget {session.logon.username}] ends_with "@domain1.local" || [mcget {session.logon.username}] ends_with "domain1\\"}

and authenticate on the right AD.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

APM Policy Error when logging in "Session cannot be established"

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

APM : CCU "Full" session VS Access "LTM_APM" session

Logging DNS Requests

Sliding session for "FedAuth" Persistent cookie delivered by ADFS

ASM logs

Reminder: MFA now required to log in to DevCentral

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS