Forum Discussion
AltostratusF5 apm adfs/o365 with mobile apps
For some of the mobile apps, such as Onedrive and outlook, adfs forces the use of form based authentication, which with the iapp, does not get any sso treatment.
Has anyone managed to work around this? And if so how?
I attempted the following:
when ACCESS_ACL_ALLOWED { if { ([string tolower [URI::query [HTTP::uri] wauth]] contains "microsoft") } { log local0. "wauth: [HTTP::header Content-Length] [HTTP::method] [HTTP::uri]" WEBSSO::select [set foo /Common/adfs_form_based_sso] } }
And it does appear that it is working, except the authentication fails. I have tested down to copying the post request to the backend server replacing f5-sso-token with the real password, and it works.
2 Replies
Stanislas_Piro2Cumulonimbus
Hi,
I had the same need and I preferred to change user agent instead of changing SSO profile:
TerrenceNimbostratus
I just wanted to close this off. I spoke with Michael Koyfman, who suggested that I check the deployment guide again. After rereading the design guide, the optional section "Supporting Forms SSO for SharePoint or CRM when using claims-based auth in AD FS" does infact define the forms based authentication which resolves the double authentication for onedrive and Microsoft Outlook app.
