Aug 15, 2017

APM with ADFS + Extended Protection

Hello, I am trying to implement F5 as a load balancer for an ADFS server farm. It works well if SSL connections from clients to ADFS are tunneled through F5 without decryption. However, if I enable SSL bridging on F5 (i.e. SSL connections are terminated on F5), the ADFS SSO authentication stops working.


It looks like ADFS is using a new feature called Extended Protection. This feature is a protection against man-in-the-middle proxies.


If I disable the Extended Protection in ADFS as follows, everything works well.


Set-ADFSProperties -ExtendedProtectionTokenCheck:None


I have not encountered any mention of disabling this Extended Protection feature in any F5 guide for ADFS integration.

Is it really necessary to disable Extended Protection? Is there any way to make it work properly with an F5 doing SSL bridge?


1 Reply
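As an added example (not part of the original post or of any F5 or Microsoft guide), the following PowerShell inspects the ADFS farm's current Extended Protection setting and lets an administrator change it deliberately rather than jumping straight to None. The cmdlets used (Get-AdfsProperties, Set-AdfsProperties, Restart-Service against the adfssrv service) are the standard ADFS module cmdlets; the function names, the -Force switch and the ADFS service name being "adfssrv" are this example's own assumptions and should be confirmed against the version in use. ExtendedProtectionTokenCheck has three values: Require (the channel binding token must be present and must match), Allow (checked only if the client supplies one) and None (not checked at all).

```powershell
# Added example, not from the original thread. Assumes the ADFS PowerShell
# module is available and the script runs on an ADFS farm member with admin rights.

function Get-AdfsExtendedProtectionState {
    # Returns the current token-check mode so it can be recorded before any change.
    $props = Get-AdfsProperties
    [pscustomobject]@{
        ExtendedProtectionTokenCheck = $props.ExtendedProtectionTokenCheck
        # Require/Allow/None; with TLS terminated on a proxy, Require breaks IWA SSO
        # because the client's channel binding token is computed over the proxy's
        # TLS session, not the session ADFS itself sees.
        ProxyBreaksRequire = ($props.ExtendedProtectionTokenCheck -eq 'Require')
    }
}

function Set-AdfsExtendedProtectionState {
    param(
        [Parameter(Mandatory)]
        [ValidateSet('Require', 'Allow', 'None')]
        [string] $Mode,
        # Hypothetical switch: without it, the function only reports what it would do.
        [switch] $Force
    )

    $before = (Get-AdfsProperties).ExtendedProtectionTokenCheck
    if ($before -eq $Mode) {
        Write-Host "ExtendedProtectionTokenCheck is already '$Mode'; nothing to do."
        return
    }

    if (-not $Force) {
        Write-Host "Would change ExtendedProtectionTokenCheck from '$before' to '$Mode' (re-run with -Force)."
        return
    }

    # Allow is the less drastic option than None: the check still applies when a
    # client presents a channel binding token, and only clients that cannot send
    # one (or whose token no longer matches because TLS was re-terminated) pass.
    Set-AdfsProperties -ExtendedProtectionTokenCheck $Mode

    # The ADFS service must be restarted on each farm node for the change to apply;
    # 'adfssrv' is the usual Windows service name for AD FS (assumption, verify locally).
    Restart-Service -Name adfssrv

    Write-Host "ExtendedProtectionTokenCheck changed from '$before' to '$Mode'."
}

# Usage: record the current state, then relax to Allow rather than None.
Get-AdfsExtendedProtectionState
Set-AdfsExtendedProtectionState -Mode Allow          # dry run
# Set-AdfsExtendedProtectionState -Mode Allow -Force # apply
```

The point of reporting the state first is to capture what the farm was set to before any troubleshooting, and the point of trying Allow before None is that it keeps the channel-binding check for every client that can still satisfy it; if SSO only recovers at None, that confirms the TLS termination on the load balancer is what invalidates the channel binding token, which is exactly the behaviour the feature is designed to produce against a proxy in the path.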