For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

sanjai_126162's avatar
sanjai_126162
Icon for Nimbostratus rankNimbostratus
Feb 05, 2016

couldnt find sso domain

Hi All,   We are migrating some application from TMG to F5.am facing issue in SSO for all the application eg :sharepoint application.my APM policy is start--> logon page--> AD auth--> SSO--> Allo...
BIG-IP Access Policy Manager (APM)
devops
Andrew_'s avatar
Andrew_
Icon for Nimbostratus rankNimbostratus
Apr 16, 2021

Apologies for adding to an old thread but this came up in my Google search for the sso domain error. So for completeness here is some more details that will hopefully help new F5 admins like myself.

 

I used this guide to set up a test SSO: https://support.f5.com/csp/article/K41357230

 

But I was getting an SSO credentials error when looking at the logging:

"SSO username is empty - SSO is disabled"

"Could not find SSO username, check SSO credential mapping agent setting"

"Could not find SSO password for user '', check SSO credential mapping agent setting"

 

To resolve this I had to add "SSO Credential Mapping" after my AD Auth in the VPE (visual policy editor).

 

This resolved the above errors but I was still receiving the "session.logon.last.domain" empty error as Yan mentioned above the fix is to add an "Variable Assign" after the SSO Cred map that contains:

 

Custom Variable-> session.logon.last.domain

Custom Exression-> <your domain> e.g. mydomain.local

 

Then SSO worked fine to an IIS server with NLMv2 auth.

 

I am unsure why the F5 Guide at the top did not work without adding the additional VPE items?