Forum Discussion
dcpuser_21204
Nimbostratus
Jun 10, 2009
Baffled why authentication doesn't work with Cisco ACS
Has anyone successfully configured ACS 4.2 (talks to Active Directory) and F5 Loadbalancer (BIG-IP 9.3.1 Build 37.1) to work together? I have the external server, port, key configured on the F5, and on the ACS I added just the Class field (OU=Groups,DC=localdomain,DC=local). On the ACS the logs indicate that authentication was successful; however, the F5 management page just hangs there until it kicks back another login prompt. Eventually it'll error out saying something about user not allowed access. Any thoughts?
- hoolio
Cirrostratus
It would help to capture tcpdumps of the authentication attempts and open a case with F5 Support for this.
- jelmore_42505
Nimbostratus
I have been using Cisco ACS authentication with BigIP for quite some time without any problems. Did you create a local account on the f5 that matches the username you are trying to authenticate with on the ACS? I am sure this is not your problem, but make sure you are not trying to use the management interface on your F5 for your ACS traffic, since that is not supported.
- js55161_47239
Nimbostratus
You can only map users to one role account i.e. Admin in version 10. In version 9 you still have to add the users to the big-ip manually and also in ACS or Active Directory if you are using external DB for authentication.