APM SSO for a downstream forward proxy

Question

Does anyone know a way to make APM SSO work when presented with 407 pages?    &nbsp;
I have a requirement to put APM in front of a 3rd party forward proxy server with APM.   The proxy only supports authentication via NTLM via a 407 page and NTLM.    For a bunch of reasons, I'd like to be able to have users log on once to APM via a form, then when they want to access resources via this proxy have the APM respond to the 407 on their behalf.    APM SSO seems to respond fine to 401 messages, but not 407.&nbsp;
I'm sure that if it was basic auth instead of NTLM in the 407, then I could put together an iRule that built a proxy authorisation header out of session variables.   But that would involve sending credentials in the clear.   So I'd much prefer to use NTLM.  &nbsp;
All ideas warmly appreciated.&nbsp;

kevin_davies_40 · Answer

Create a virtual, attach an iRule, map 407 responses to 401 responses. Point APM at the virtual, point the virtual at the proxy.&nbsp;
The iRule to map responses would be something similar to this&nbsp;
If there are protocol/payload differences it would be up to you to manage them in the iRule. I am not suggesting this would be simple. Click your heels together and check the RFC behaviour in both cases.&nbsp;

Forum Discussion

APM SSO for a downstream forward proxy

1 Reply

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Username is not filled in EdgeClient in the Modern customization

The GSLB pool is providing an incorrect IP to end users

iRule causing requests to be duplicated (sometimes)

F5 Networks F5CAB1 Exam - Need Help Regarding Prep

Cisco TACACS+ Config on ISE LTM Pair

Related Content

SSH forward proxy

Forwarding Logs to SIEM Tools via HTTP Proxy for F5 Distributed Cloud Global Log Receiver

SSL Forward Proxy Explained using Wireshark

HTTP Forward Proxy - v3.2

SSL Orchestrator Advanced Use Cases: Forward Proxy Authentication

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS