Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

JoeTheFifth's avatar
JoeTheFifth
Icon for Altostratus rankAltostratus
Oct 22, 2018

APM/MsOFFICE: ACCESS:disable after decision box

I have a VS with an APM policy. Policy starts with a decision box.   OptionA => Domain users (multiple forests).   OptionsB => External user.   Authentication for option B in interna domai...
application delivery
BIG-IP Access Policy Manager (APM)
irules
JoeTheFifth's avatar
JoeTheFifth
Icon for Altostratus rankAltostratus
Oct 27, 2018

Policy flow is here:

 

The 401 response sent to the office client is generating a 401 auth popup to which the client is not responding.

 

So mainly what I do is: First request of browser with no cookie (cookie named truted) => enable APM and present a decision box. If AD is chosen then set the cookie and redirect the request so it the client retries and with the cookie set APM is disabled and sso with current user is done. If you run office now and you used IE in the first request you're ok => office uses the "trusted cookie" and does work with apm disabled. If you use firefox or chrome the sso does not work after apm is enabled to make the choice. I tried forcing office to retry the request but no luck.