For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Jhan_Zaib_23357's avatar
Jhan_Zaib_23357
Icon for Nimbostratus rankNimbostratus
Nov 11, 2015

Big-IP APM v11.4.1 requires authentication again and again on IE11

Hi,

 

Evironment detail is: Clients (Windows 7) > Big-IP APM v11.4.1 (Load balancer) > SharePoint Server 2013 (Windows Server 2012)

 

I have deployed a SharePoint app on SharePoint Server. Clients can access SharePoint app properly with Google Chrome but fail on IE11. Noted that AJAX calls are aborted. But IE11 works well when bypassed the load balancer (F5). I have observed that during navigating the app, Google Chrome does not require re-authentication with load balancer but IE11 requires and prompt Windows Authentication screen again and again.

 

As per our understanding could be possibility of following reasons: 1. Google Chrome intelligently persists authentication token at its end and present to F5 whereas IE11 does not. 2. F5 APM has a policy of re-authentication in multi/cross domain communication which IE11 follows. 3. Need to define static SPNs for domains. 4. F5 APM session holds authentication token but not send to SharePoint in case of IE11.

 

So let us know what could be the possible reason and how to handle it?

 

Regards, Jhan Zaib

 

BIG-IP Access Policy Manager (APM)
management
security
storage

1 Reply

  • Lucas_Thompson_'s avatar
    Lucas_Thompson_
    Historic F5 Account
    Nov 11, 2015
    I'd recommend gathering more supporting data before trying to jump to conclusions about what the cause is. Take some decrypted packet captures using ssldump on the Client <---> APM traffic and review the logs. Compare the behavior with Chrome and IE11. The difference between the two (both logging and client comms) should reveal the answer.