Forum Discussion

elastic_82555's avatar
elastic_82555
Icon for Nimbostratus rankNimbostratus
Apr 26, 2013

kerberos and ntlm authentication using APM

Hi,

 

I have setup sharepoint 2010 iApp, using NTLM authentication and it is working well(using the F5 login page), however, I now have a requirement to use kerberos authentication, as well as NTLM. In effect, if the kerberos is not present, then the NTLM should be used as the default. Another requirement, is that if a user is already logged into their windows 7 workstation, then their credentials should be silently passed to the F5 to allow kerberos authentication "transparently" without the user having to see a login page.

 

Currently I have read many documents, but settled on the "Access policy manager, Single Sign On configuration guide" for v11.3(HF3). This details the NTLM setup nicely and also a "client based certificate" setup using kerberos. Whilst this is instructive, it does not actually help, as my scenario does not involve client side certificates(unless I am mistaken). I have created a kerberos SSO config, and am at the stage of editing the access policy, but it is at this piont, where I seem to have a lot of choices and not much documentation. Has anyone done this already, and could offer me any pionters. As a first off, I would like to just get kerberos SSO working, then I could work on getting both NTLM and Kerberos.

 

any links to documentation, or even better a similar example would be extemely appreciated.

 

 

thanks

 

Sc0tt....

 

 

 

13 Replies

"}},"componentScriptGroups({\"componentId\":\"custom.widget.Beta_MetaNav\"})":{"__typename":"ComponentScriptGroups","scriptGroups":{"__typename":"ComponentScriptGroupsDefinition","afterInteractive":{"__typename":"PageScriptGroupDefinition","group":"AFTER_INTERACTIVE","scriptIds":[]},"lazyOnLoad":{"__typename":"PageScriptGroupDefinition","group":"LAZY_ON_LOAD","scriptIds":[]}},"componentScripts":[]},"component({\"componentId\":\"custom.widget.Community_Quicklinks\"})":{"__typename":"Component","render({\"context\":{\"component\":{\"entities\":[],\"props\":{}},\"page\":{\"entities\":[\"message:190462\"],\"name\":\"ForumMessagePage\",\"props\":{},\"url\":\"https://community.f5.com/discussions/technicalforum/kerberos-and-ntlm-authentication-using-apm/190462\"}}})":{"__typename":"ComponentRenderResult","html":"
Under Attack? F5 Will Help You.
Contacting F5 Support?

 
DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5
"}},"componentScriptGroups({\"componentId\":\"custom.widget.Community_Quicklinks\"})":{"__typename":"ComponentScriptGroups","scriptGroups":{"__typename":"ComponentScriptGroupsDefinition","afterInteractive":{"__typename":"PageScriptGroupDefinition","group":"AFTER_INTERACTIVE","scriptIds":[]},"lazyOnLoad":{"__typename":"PageScriptGroupDefinition","group":"LAZY_ON_LOAD","scriptIds":[]}},"componentScripts":[]},"component({\"componentId\":\"custom.widget.Beta_Footer\"})":{"__typename":"Component","render({\"context\":{\"component\":{\"entities\":[],\"props\":{}},\"page\":{\"entities\":[\"message:190462\"],\"name\":\"ForumMessagePage\",\"props\":{},\"url\":\"https://community.f5.com/discussions/technicalforum/kerberos-and-ntlm-authentication-using-apm/190462\"}}})":{"__typename":"ComponentRenderResult","html":"
 
 
 
 
 

\"F5 ©2024 F5, Inc. All rights reserved.
Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information
"}},"componentScriptGroups({\"componentId\":\"custom.widget.Beta_Footer\"})":{"__typename":"ComponentScriptGroups","scriptGroups":{"__typename":"ComponentScriptGroupsDefinition","afterInteractive":{"__typename":"PageScriptGroupDefinition","group":"AFTER_INTERACTIVE","scriptIds":[]},"lazyOnLoad":{"__typename":"PageScriptGroupDefinition","group":"LAZY_ON_LOAD","scriptIds":[]}},"componentScripts":[]},"component({\"componentId\":\"custom.widget.Tag_Manager_Helper\"})":{"__typename":"Component","render({\"context\":{\"component\":{\"entities\":[],\"props\":{}},\"page\":{\"entities\":[\"message:190462\"],\"name\":\"ForumMessagePage\",\"props\":{},\"url\":\"https://community.f5.com/discussions/technicalforum/kerberos-and-ntlm-authentication-using-apm/190462\"}}})":{"__typename":"ComponentRenderResult","html":" "}},"componentScriptGroups({\"componentId\":\"custom.widget.Tag_Manager_Helper\"})":{"__typename":"ComponentScriptGroups","scriptGroups":{"__typename":"ComponentScriptGroupsDefinition","afterInteractive":{"__typename":"PageScriptGroupDefinition","group":"AFTER_INTERACTIVE","scriptIds":[]},"lazyOnLoad":{"__typename":"PageScriptGroupDefinition","group":"LAZY_ON_LOAD","scriptIds":[]}},"componentScripts":[]},"component({\"componentId\":\"custom.widget.Consent_Blackbar\"})":{"__typename":"Component","render({\"context\":{\"component\":{\"entities\":[],\"props\":{}},\"page\":{\"entities\":[\"message:190462\"],\"name\":\"ForumMessagePage\",\"props\":{},\"url\":\"https://community.f5.com/discussions/technicalforum/kerberos-and-ntlm-authentication-using-apm/190462\"}}})":{"__typename":"ComponentRenderResult","html":"
"}},"componentScriptGroups({\"componentId\":\"custom.widget.Consent_Blackbar\"})":{"__typename":"ComponentScriptGroups","scriptGroups":{"__typename":"ComponentScriptGroupsDefinition","afterInteractive":{"__typename":"PageScriptGroupDefinition","group":"AFTER_INTERACTIVE","scriptIds":[]},"lazyOnLoad":{"__typename":"PageScriptGroupDefinition","group":"LAZY_ON_LOAD","scriptIds":[]}},"componentScripts":[]},"featuredContentWidget({\"coreNodeId\":\"board:TechnicalForum\",\"instanceId\":\"featuredWidgets.widget.featuredContentWidget-1705956211049\",\"quiltId\":\"ForumMessagePage\"})":{"__typename":"FeaturedContentWidget","messages({\"first\":3})":{"__typename":"MessageConnection","totalCount":2,"edges":[{"__typename":"MessageEdge","node":{"__ref":"TkbTopicMessage:message:342325"}},{"__typename":"MessageEdge","node":{"__ref":"TkbTopicMessage:message:342422"}}],"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null}},"lastModified":1752601745989,"lastModifiedUser":{"__ref":"User:user:7"}},"cachedText({\"lastModified\":\"1751557989989\",\"locale\":\"en-US\",\"namespaces\":[\"components/community/NavbarDropdownToggle\"]})":[{"__ref":"CachedAsset:text:en_US-components/community/NavbarDropdownToggle-1751557989989"}],"cachedText({\"lastModified\":\"1751557989989\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/EscalatedMessageBanner\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/EscalatedMessageBanner-1751557989989"}],"cachedText({\"lastModified\":\"1751557989989\",\"locale\":\"en-US\",\"namespaces\":[\"components/users/UserLink\"]})":[{"__ref":"CachedAsset:text:en_US-components/users/UserLink-1751557989989"}],"cachedText({\"lastModified\":\"1751557989989\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/users/UserRank\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/users/UserRank-1751557989989"}],"cachedText({\"lastModified\":\"1751557989989\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageTime\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageTime-1751557989989"}],"cachedText({\"lastModified\":\"1751557989989\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageSolvedBadge\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageSolvedBadge-1751557989989"}],"cachedText({\"lastModified\":\"1751557989989\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageSubject\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageSubject-1751557989989"}],"cachedText({\"lastModified\":\"1751557989989\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageBody\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageBody-1751557989989"}],"cachedText({\"lastModified\":\"1751557989989\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageCustomFields\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageCustomFields-1751557989989"}],"cachedText({\"lastModified\":\"1751557989989\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageReplyButton\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageReplyButton-1751557989989"}],"cachedText({\"lastModified\":\"1751557989989\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageListMenu\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageListMenu-1751557989989"}],"cachedText({\"lastModified\":\"1751557989989\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/AcceptedSolutionButton\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/AcceptedSolutionButton-1751557989989"}],"cachedText({\"lastModified\":\"1751557989989\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/common/Pager/PagerLoadMorePreviousNextLinkable\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/common/Pager/PagerLoadMorePreviousNextLinkable-1751557989989"}],"cachedText({\"lastModified\":\"1751557989989\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageView/MessageViewCard\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageView/MessageViewCard-1751557989989"}],"cachedText({\"lastModified\":\"1751557989989\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageView/MessageViewInline\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageView/MessageViewInline-1751557989989"}],"cachedText({\"lastModified\":\"1751557989989\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/common/Pager/PagerLoadMore\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/common/Pager/PagerLoadMore-1751557989989"}],"cachedText({\"lastModified\":\"1751557989989\",\"locale\":\"en-US\",\"namespaces\":[\"components/customComponent/CustomComponent\"]})":[{"__ref":"CachedAsset:text:en_US-components/customComponent/CustomComponent-1751557989989"}],"message({\"id\":\"message:190467\"})":{"__ref":"ForumReplyMessage:message:190467"},"message({\"id\":\"message:190468\"})":{"__ref":"ForumReplyMessage:message:190468"},"message({\"id\":\"message:190469\"})":{"__ref":"ForumReplyMessage:message:190469"},"message({\"id\":\"message:190470\"})":{"__ref":"ForumReplyMessage:message:190470"},"message({\"id\":\"message:190471\"})":{"__ref":"ForumReplyMessage:message:190471"},"message({\"id\":\"message:190472\"})":{"__ref":"ForumReplyMessage:message:190472"},"message({\"id\":\"message:190463\"})":{"__ref":"ForumReplyMessage:message:190463"},"message({\"id\":\"message:190464\"})":{"__ref":"ForumReplyMessage:message:190464"},"message({\"id\":\"message:190465\"})":{"__ref":"ForumReplyMessage:message:190465"},"message({\"id\":\"message:190466\"})":{"__ref":"ForumReplyMessage:message:190466"},"coreNode({\"id\":\"community:zihoc95639\"})":{"__ref":"Community:community:zihoc95639"},"message({\"id\":\"message:342325\"})":{"__ref":"TkbTopicMessage:message:342325"},"message({\"id\":\"message:342422\"})":{"__ref":"TkbTopicMessage:message:342422"},"cachedText({\"lastModified\":\"1751557989989\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/users/UserAvatar\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/users/UserAvatar-1751557989989"}],"cachedText({\"lastModified\":\"1751557989989\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/ranks/UserRankLabel\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/ranks/UserRankLabel-1751557989989"}],"cachedText({\"lastModified\":\"1751557989989\",\"locale\":\"en-US\",\"namespaces\":[\"components/tags/TagView/TagViewChip\"]})":[{"__ref":"CachedAsset:text:en_US-components/tags/TagView/TagViewChip-1751557989989"}],"cachedText({\"lastModified\":\"1751557989989\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/nodes/NodeIcon\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/nodes/NodeIcon-1751557989989"}]},"Theme:customTheme1":{"__typename":"Theme","id":"customTheme1"},"User:user:-1":{"__typename":"User","id":"user:-1","entityType":"USER","eventPath":"community:zihoc95639/user:-1","uid":-1,"login":"Former Member","email":"","avatar":null,"rank":null,"kudosWeight":1,"registrationData":{"__typename":"RegistrationData","status":"ANONYMOUS","registrationTime":null,"confirmEmailStatus":false,"registrationAccessLevel":"VIEW","ssoRegistrationFields":[]},"ssoId":null,"profileSettings":{"__typename":"ProfileSettings","dateDisplayStyle":{"__typename":"InheritableStringSettingWithPossibleValues","key":"layout.friendly_dates_enabled","value":"false","localValue":"true","possibleValues":["true","false"]},"dateDisplayFormat":{"__typename":"InheritableStringSetting","key":"layout.format_pattern_date","value":"dd-MMM-yyyy","localValue":"MM-dd-yyyy"},"language":{"__typename":"InheritableStringSettingWithPossibleValues","key":"profile.language","value":"en-US","localValue":null,"possibleValues":["en-US","en-GB","fr-FR","de-DE","ja-JP","pt-PT","pt-BR","es-ES"]},"repliesSortOrder":{"__typename":"InheritableStringSettingWithPossibleValues","key":"config.user_replies_sort_order","value":"DEFAULT","localValue":"DEFAULT","possibleValues":["DEFAULT","LIKES","PUBLISH_TIME","REVERSE_PUBLISH_TIME"]}},"deleted":false},"CachedAsset:pages-1752585745251":{"__typename":"CachedAsset","id":"pages-1752585745251","value":[{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"HowDoI.GetInvolved.MvpProgram","type":"COMMUNITY","urlPath":"/c/how-do-i/get-involved/mvp-program","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"BlogViewAllPostsPage","type":"BLOG","urlPath":"/category/:categoryId/blog/:boardId/all-posts/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"CasePortalPage","type":"CASE_PORTAL","urlPath":"/caseportal","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"CreateGroupHubPage","type":"GROUP_HUB","urlPath":"/groups/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"CaseViewPage","type":"CASE_DETAILS","urlPath":"/case/:caseId/:caseNumber","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"InboxPage","type":"COMMUNITY","urlPath":"/inbox","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"HowDoI.GetInvolved.AdvocacyProgram","type":"COMMUNITY","urlPath":"/c/how-do-i/get-involved/advocacy-program","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"HowDoI.GetHelp.NonCustomer","type":"COMMUNITY","urlPath":"/c/how-do-i/get-help/non-customer","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"HelpFAQPage","type":"COMMUNITY","urlPath":"/help","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"HowDoI.GetHelp.F5Customer","type":"COMMUNITY","urlPath":"/c/how-do-i/get-help/f5-customer","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"IdeaMessagePage","type":"IDEA_POST","urlPath":"/idea/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"IdeaViewAllIdeasPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId/all-ideas/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"LoginPage","type":"USER","urlPath":"/signin","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"WorkstreamsPage","type":"COMMUNITY","urlPath":"/workstreams","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"BlogPostPage","type":"BLOG","urlPath":"/category/:categoryId/blogs/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"HowDoI.GetInvolved","type":"COMMUNITY","urlPath":"/c/how-do-i/get-involved","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"HowDoI.Learn","type":"COMMUNITY","urlPath":"/c/how-do-i/learn","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1739501996000,"localOverride":null,"page":{"id":"Test","type":"CUSTOM","urlPath":"/custom-test-2","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"ThemeEditorPage","type":"COMMUNITY","urlPath":"/designer/themes","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"TkbViewAllArticlesPage","type":"TKB","urlPath":"/category/:categoryId/kb/:boardId/all-articles/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"OccasionEditPage","type":"EVENT","urlPath":"/event/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"OAuthAuthorizationAllowPage","type":"USER","urlPath":"/auth/authorize/allow","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"PageEditorPage","type":"COMMUNITY","urlPath":"/designer/pages","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"PostPage","type":"COMMUNITY","urlPath":"/category/:categoryId/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"ForumBoardPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"TkbBoardPage","type":"TKB","urlPath":"/category/:categoryId/kb/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"EventPostPage","type":"EVENT","urlPath":"/category/:categoryId/events/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"UserBadgesPage","type":"COMMUNITY","urlPath":"/users/:login/:userId/badges","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"GroupHubMembershipAction","type":"GROUP_HUB","urlPath":"/membership/join/:nodeId/:membershipType","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"MaintenancePage","type":"COMMUNITY","urlPath":"/maintenance","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"IdeaReplyPage","type":"IDEA_REPLY","urlPath":"/idea/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"UserSettingsPage","type":"USER","urlPath":"/mysettings/:userSettingsTab","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"GroupHubsPage","type":"GROUP_HUB","urlPath":"/groups","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"ForumPostPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"OccasionRsvpActionPage","type":"OCCASION","urlPath":"/event/:boardId/:messageSubject/:messageId/rsvp/:responseType","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"VerifyUserEmailPage","type":"USER","urlPath":"/verifyemail/:userId/:verifyEmailToken","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"AllOccasionsPage","type":"OCCASION","urlPath":"/category/:categoryId/events/:boardId/all-events/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"EventBoardPage","type":"EVENT","urlPath":"/category/:categoryId/events/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"TkbReplyPage","type":"TKB_REPLY","urlPath":"/kb/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"IdeaBoardPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"CommunityGuideLinesPage","type":"COMMUNITY","urlPath":"/communityguidelines","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"CaseCreatePage","type":"SALESFORCE_CASE_CREATION","urlPath":"/caseportal/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"TkbEditPage","type":"TKB","urlPath":"/kb/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"ForgotPasswordPage","type":"USER","urlPath":"/forgotpassword","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"IdeaEditPage","type":"IDEA","urlPath":"/idea/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"TagPage","type":"COMMUNITY","urlPath":"/tag/:tagName","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"BlogBoardPage","type":"BLOG","urlPath":"/category/:categoryId/blog/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"OccasionMessagePage","type":"OCCASION_TOPIC","urlPath":"/event/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"ManageContentPage","type":"COMMUNITY","urlPath":"/managecontent","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"ClosedMembershipNodeNonMembersPage","type":"GROUP_HUB","urlPath":"/closedgroup/:groupHubId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"HowDoI.GetHelp.Community","type":"COMMUNITY","urlPath":"/c/how-do-i/get-help/community","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"CommunityPage","type":"COMMUNITY","urlPath":"/","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"HowDoI.GetInvolved.ContributeCode","type":"COMMUNITY","urlPath":"/c/how-do-i/get-involved/contribute-code","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"ForumMessagePage","type":"FORUM_TOPIC","urlPath":"/discussions/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"IdeaPostPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"BlogMessagePage","type":"BLOG_ARTICLE","urlPath":"/blog/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"RegistrationPage","type":"USER","urlPath":"/register","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"EditGroupHubPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"ForumEditPage","type":"FORUM","urlPath":"/discussions/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"ResetPasswordPage","type":"USER","urlPath":"/resetpassword/:userId/:resetPasswordToken","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"TkbMessagePage","type":"TKB_ARTICLE","urlPath":"/kb/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"HowDoI.Learn.AboutIrules","type":"COMMUNITY","urlPath":"/c/how-do-i/learn/about-irules","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"BlogEditPage","type":"BLOG","urlPath":"/blog/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"HowDoI.GetHelp.F5Support","type":"COMMUNITY","urlPath":"/c/how-do-i/get-help/f5-support","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"ManageUsersPage","type":"USER","urlPath":"/users/manage/:tab?/:manageUsersTab?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"ForumReplyPage","type":"FORUM_REPLY","urlPath":"/discussions/:boardId/:messageSubject/:messageId/replies/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"PrivacyPolicyPage","type":"COMMUNITY","urlPath":"/privacypolicy","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"NotificationPage","type":"COMMUNITY","urlPath":"/notifications","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"UserPage","type":"USER","urlPath":"/users/:login/:userId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"HealthCheckPage","type":"COMMUNITY","urlPath":"/health","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"OccasionReplyPage","type":"OCCASION_REPLY","urlPath":"/event/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"ManageMembersPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/manage/:tab?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"SearchResultsPage","type":"COMMUNITY","urlPath":"/search","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"BlogReplyPage","type":"BLOG_REPLY","urlPath":"/blog/:boardId/:messageSubject/:messageId/replies/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"GroupHubPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"TermsOfServicePage","type":"COMMUNITY","urlPath":"/termsofservice","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"HowDoI.GetHelp","type":"COMMUNITY","urlPath":"/c/how-do-i/get-help","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"HowDoI.GetHelp.SecurityIncident","type":"COMMUNITY","urlPath":"/c/how-do-i/get-help/security-incident","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"CategoryPage","type":"CATEGORY","urlPath":"/category/:categoryId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"ForumViewAllTopicsPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId/all-topics/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"TkbPostPage","type":"TKB","urlPath":"/category/:categoryId/kbs/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"GroupHubPostPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1752585745251,"localOverride":null,"page":{"id":"HowDoI","type":"COMMUNITY","urlPath":"/c/how-do-i","__typename":"PageDescriptor"},"__typename":"PageResource"}],"localOverride":false},"CachedAsset:text:en_US-components/context/AppContext/AppContextProvider-0":{"__typename":"CachedAsset","id":"text:en_US-components/context/AppContext/AppContextProvider-0","value":{"noCommunity":"Cannot find community","noUser":"Cannot find current user","noNode":"Cannot find node with id {nodeId}","noMessage":"Cannot find message with id {messageId}","userBanned":"We're sorry, but you have been banned from using this site.","userBannedReason":"You have been banned for the following reason: {reason}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/Loading/LoadingDot-0":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/Loading/LoadingDot-0","value":{"title":"Loading..."},"localOverride":false},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/cmstNDEtSzFzVEth\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/cmstNDEtSzFzVEth","height":0,"width":0,"mimeType":"image/svg+xml"},"Rank:rank:41":{"__typename":"Rank","id":"rank:41","position":18,"name":"Nimbostratus","color":"CCCCCC","icon":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/cmstNDEtSzFzVEth\"}"},"rankStyle":"FILLED"},"User:user:56845":{"__typename":"User","id":"user:56845","uid":56845,"login":"elastic_82555","deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/m_assets/avatars/default/avatar-9.svg?time=0"},"rank":{"__ref":"Rank:rank:41"},"email":"","messagesCount":22,"biography":null,"topicsCount":6,"kudosReceivedCount":0,"kudosGivenCount":0,"kudosWeight":1,"registrationData":{"__typename":"RegistrationData","status":null,"registrationTime":"2012-09-14T01:00:00.000-07:00","confirmEmailStatus":null},"followersCount":null,"solutionsCount":0,"entityType":"USER","eventPath":"community:zihoc95639/user:56845"},"Category:category:Forums":{"__typename":"Category","id":"category:Forums","entityType":"CATEGORY","displayId":"Forums","nodeType":"category","depth":1,"title":"Forums","shortTitle":"Forums","parent":{"__ref":"Category:category:top"},"categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:top":{"__typename":"Category","id":"category:top","entityType":"CATEGORY","displayId":"top","nodeType":"category","depth":0,"title":"Top","shortTitle":"Top"},"Forum:board:TechnicalForum":{"__typename":"Forum","id":"board:TechnicalForum","entityType":"FORUM","displayId":"TechnicalForum","nodeType":"board","depth":2,"conversationStyle":"FORUM","repliesProperties":{"__typename":"RepliesProperties","sortOrder":"PUBLISH_TIME","repliesFormat":"threaded"},"tagProperties":{"__typename":"TagNodeProperties","tagsEnabled":{"__typename":"PolicyResult","failureReason":null}},"requireTags":true,"tagType":"FREEFORM_AND_PRESET","description":"Ask questions.\r\nDiscover Answers.","title":"Technical Forum","shortTitle":"Technical Forum","parent":{"__ref":"Category:category:Forums"},"ancestors":{"__typename":"CoreNodeConnection","edges":[{"__typename":"CoreNodeEdge","node":{"__ref":"Community:community:zihoc95639"}},{"__typename":"CoreNodeEdge","node":{"__ref":"Category:category:Forums"}}]},"userContext":{"__typename":"NodeUserContext","canAddAttachments":false,"canUpdateNode":false,"canPostMessages":false,"isSubscribed":false},"theme":{"__ref":"Theme:customTheme1"},"boardPolicies":{"__typename":"BoardPolicies","canViewSpamDashBoard":{"__typename":"PolicyResult","failureReason":{"__typename":"FailureReason","message":"error.lithium.policies.feature.moderation_spam.action.access_spam_quarantine.allowed.accessDenied","key":"error.lithium.policies.feature.moderation_spam.action.access_spam_quarantine.allowed.accessDenied","args":[]}},"canArchiveMessage":{"__typename":"PolicyResult","failureReason":{"__typename":"FailureReason","message":"error.lithium.policies.content_archivals.enable_content_archival_settings.accessDenied","key":"error.lithium.policies.content_archivals.enable_content_archival_settings.accessDenied","args":[]}},"canPublishArticleOnCreate":{"__typename":"PolicyResult","failureReason":{"__typename":"FailureReason","message":"error.lithium.policies.forums.policy_can_publish_on_create_workflow_action.accessDenied","key":"error.lithium.policies.forums.policy_can_publish_on_create_workflow_action.accessDenied","args":[]}},"canManageFeaturedWidget":{"__typename":"PolicyResult","failureReason":{"__typename":"FailureReason","message":"error.lithium.policies.feature.featured_widgets.action.admin_featured_widget.allowed.accessDenied","key":"error.lithium.policies.feature.featured_widgets.action.admin_featured_widget.allowed.accessDenied","args":[]}},"canUpdateFeaturedWidget":{"__typename":"PolicyResult","failureReason":{"__typename":"FailureReason","message":"error.lithium.policies.feature.featured_widgets.action.update_featured_widget.allowed.accessDenied","key":"error.lithium.policies.feature.featured_widgets.action.update_featured_widget.allowed.accessDenied","args":[]}},"canReadNode":{"__typename":"PolicyResult","failureReason":null}},"linkProperties":{"__typename":"LinkProperties","isExternalLinkWarningEnabled":false},"forumPolicies":{"__typename":"ForumPolicies","canManageFeaturedWidget":{"__typename":"PolicyResult","failureReason":{"__typename":"FailureReason","message":"error.lithium.policies.feature.featured_widgets.action.admin_featured_widget.allowed.accessDenied","key":"error.lithium.policies.feature.featured_widgets.action.admin_featured_widget.allowed.accessDenied","args":[]}},"canUpdateFeaturedWidget":{"__typename":"PolicyResult","failureReason":{"__typename":"FailureReason","message":"error.lithium.policies.feature.featured_widgets.action.update_featured_widget.allowed.accessDenied","key":"error.lithium.policies.feature.featured_widgets.action.update_featured_widget.allowed.accessDenied","args":[]}},"canReadNode":{"__typename":"PolicyResult","failureReason":null}},"eventPath":"category:Forums/community:zihoc95639board:TechnicalForum/"},"ForumTopicMessage:message:190462":{"__typename":"ForumTopicMessage","uid":190462,"subject":"kerberos and ntlm authentication using APM","id":"message:190462","entityType":"FORUM_TOPIC","eventPath":"category:Forums/community:zihoc95639board:TechnicalForum/message:190462","revisionNum":1,"repliesCount":13,"author":{"__ref":"User:user:56845"},"depth":0,"hasGivenKudo":false,"board":{"__ref":"Forum:board:TechnicalForum"},"conversation":{"__ref":"Conversation:conversation:190462"},"readOnly":false,"editFrozen":false,"showMoveIndicator":false,"moderationData":{"__ref":"ModerationData:moderation_data:190462"},"body":"

Hi,

 

\n

I have setup sharepoint 2010 iApp, using NTLM authentication and it is working well(using the F5 login page), however, I now have a requirement to use kerberos authentication, as well as NTLM. In effect, if the kerberos is not present, then the NTLM should be used as the default. Another requirement, is that if a user is already logged into their windows 7 workstation, then their credentials should be silently passed to the F5 to allow kerberos authentication \"transparently\" without the user having to see a login page.

 

\n

Currently I have read many documents, but settled on the \"Access policy manager, Single Sign On configuration guide\" for v11.3(HF3). This details the NTLM setup nicely and also a \"client based certificate\" setup using kerberos. Whilst this is instructive, it does not actually help, as my scenario does not involve client side certificates(unless I am mistaken). I have created a kerberos SSO config, and am at the stage of editing the access policy, but it is at this piont, where I seem to have a lot of choices and not much documentation. Has anyone done this already, and could offer me any pionters. As a first off, I would like to just get kerberos SSO working, then I could work on getting both NTLM and Kerberos.

 

\n

any links to documentation, or even better a similar example would be extemely appreciated.

 

\n

 

\n

thanks

 

\n

Sc0tt....

 

\n

 

\n

 

","body@stringLength":"1711","rawBody":"

Hi,

 

\n

I have setup sharepoint 2010 iApp, using NTLM authentication and it is working well(using the F5 login page), however, I now have a requirement to use kerberos authentication, as well as NTLM. In effect, if the kerberos is not present, then the NTLM should be used as the default. Another requirement, is that if a user is already logged into their windows 7 workstation, then their credentials should be silently passed to the F5 to allow kerberos authentication \"transparently\" without the user having to see a login page.

 

\n

Currently I have read many documents, but settled on the \"Access policy manager, Single Sign On configuration guide\" for v11.3(HF3). This details the NTLM setup nicely and also a \"client based certificate\" setup using kerberos. Whilst this is instructive, it does not actually help, as my scenario does not involve client side certificates(unless I am mistaken). I have created a kerberos SSO config, and am at the stage of editing the access policy, but it is at this piont, where I seem to have a lot of choices and not much documentation. Has anyone done this already, and could offer me any pionters. As a first off, I would like to just get kerberos SSO working, then I could work on getting both NTLM and Kerberos.

 

\n

any links to documentation, or even better a similar example would be extemely appreciated.

 

\n

 

\n

thanks

 

\n

Sc0tt....

 

\n

 

\n

 

","kudosSumWeight":0,"postTime":"2013-04-26T04:47:05.000-07:00","images":{"__typename":"AssociatedImageConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"attachments":{"__typename":"AttachmentConnection","pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null},"edges":[]},"tags":{"__typename":"TagConnection","pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null},"edges":[{"__typename":"TagEdge","cursor":"MjUuNHwyLjF8b3wxMHxfTlZffDE","node":{"__typename":"Tag","id":"tag:app sec","text":"app sec","time":"2022-01-24T02:29:46.154-08:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}},{"__typename":"TagEdge","cursor":"MjUuNHwyLjF8b3wxMHxfTlZffDI","node":{"__typename":"Tag","id":"tag:BIG-IP Access Policy Manager (APM)","text":"BIG-IP Access Policy Manager (APM)","time":"2022-11-30T10:37:24.269-08:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}},{"__typename":"TagEdge","cursor":"MjUuNHwyLjF8b3wxMHxfTlZffDM","node":{"__typename":"Tag","id":"tag:security","text":"security","time":"2009-07-03T08:19:36.000-07:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}}]},"timeToRead":1,"currentRevision":{"__ref":"Revision:revision:190462_1"},"latestVersion":null,"metrics":{"__typename":"MessageMetrics","views":1530},"read":false,"visibilityScope":"PUBLIC","canonicalUrl":null,"seoTitle":null,"seoDescription":null,"isEscalated":null,"placeholder":false,"originalMessageForPlaceholder":null,"messagePolicies":{"__typename":"MessagePolicies","canModerateSpamMessage":{"__typename":"PolicyResult","failureReason":{"__typename":"FailureReason","message":"error.lithium.policies.feature.moderation_spam.action.moderate_entity.allowed.accessDenied","key":"error.lithium.policies.feature.moderation_spam.action.moderate_entity.allowed.accessDenied","args":[]}}},"archivalData":null,"searchSnippet":"Hi,   \n I have setup sharepoint 2010 iApp, using NTLM authentication and it is working well(using the F5 login page), however, I now have a requirement to use kerberos authentication, as...","replies":{"__typename":"MessageConnection","edges":[{"__typename":"MessageEdge","cursor":"MjUuNHwyLjF8aXwxMHwzOToxfGludCwxOTA0NjMsMTkwNDYz","node":{"__ref":"ForumReplyMessage:message:190463"}},{"__typename":"MessageEdge","cursor":"MjUuNHwyLjF8aXwxMHwzOToxfGludCwxOTA0NjMsMTkwNDY0","node":{"__ref":"ForumReplyMessage:message:190464"}},{"__typename":"MessageEdge","cursor":"MjUuNHwyLjF8aXwxMHwzOToxfGludCwxOTA0NjMsMTkwNDY1","node":{"__ref":"ForumReplyMessage:message:190465"}},{"__typename":"MessageEdge","cursor":"MjUuNHwyLjF8aXwxMHwzOToxfGludCwxOTA0NjMsMTkwNDY2","node":{"__ref":"ForumReplyMessage:message:190466"}},{"__typename":"MessageEdge","cursor":"MjUuNHwyLjF8aXwxMHwzOToxfGludCwxOTA0NjMsMTkwNDY3","node":{"__ref":"ForumReplyMessage:message:190467"}},{"__typename":"MessageEdge","cursor":"MjUuNHwyLjF8aXwxMHwzOToxfGludCwxOTA0NjMsMTkwNDY4","node":{"__ref":"ForumReplyMessage:message:190468"}},{"__typename":"MessageEdge","cursor":"MjUuNHwyLjF8aXwxMHwzOToxfGludCwxOTA0NjMsMTkwNDY5","node":{"__ref":"ForumReplyMessage:message:190469"}},{"__typename":"MessageEdge","cursor":"MjUuNHwyLjF8aXwxMHwzOToxfGludCwxOTA0NjMsMTkwNDcw","node":{"__ref":"ForumReplyMessage:message:190470"}},{"__typename":"MessageEdge","cursor":"MjUuNHwyLjF8aXwxMHwzOToxfGludCwxOTA0NjMsMTkwNDcx","node":{"__ref":"ForumReplyMessage:message:190471"}},{"__typename":"MessageEdge","cursor":"MjUuNHwyLjF8aXwxMHwzOToxfGludCwxOTA0NjMsMTkwNDcy","node":{"__ref":"ForumReplyMessage:message:190472"}}],"pageInfo":{"__typename":"PageInfo","hasNextPage":true,"endCursor":"MjUuNHwyLjF8aXwxMHwzOToxfGludCwxOTA0NjMsMTkwNDcy","hasPreviousPage":false,"startCursor":null}},"customFields":[]},"Conversation:conversation:190462":{"__typename":"Conversation","id":"conversation:190462","solved":false,"topic":{"__ref":"ForumTopicMessage:message:190462"},"lastPostingActivityTime":"2014-02-19T15:44:58.000-08:00","lastPostTime":"2014-02-19T15:44:58.000-08:00","unreadReplyCount":13,"isSubscribed":false},"ModerationData:moderation_data:190462":{"__typename":"ModerationData","id":"moderation_data:190462","status":"APPROVED","rejectReason":null,"isReportedAbuse":false,"rejectUser":null,"rejectTime":null,"rejectActorType":null},"Revision:revision:190462_1":{"__typename":"Revision","id":"revision:190462_1","lastEditTime":"2013-04-26T04:47:05.000-07:00"},"CachedAsset:theme:customTheme1-1751557990837":{"__typename":"CachedAsset","id":"theme:customTheme1-1751557990837","value":{"id":"customTheme1","animation":{"fast":"150ms","normal":"250ms","slow":"500ms","slowest":"750ms","function":"cubic-bezier(0.07, 0.91, 0.51, 1)","__typename":"AnimationThemeSettings"},"avatar":{"borderRadius":"50%","collections":["custom"],"__typename":"AvatarThemeSettings"},"basics":{"browserIcon":{"imageAssetName":"android-chrome-512x512-1748534255255.png","imageLastModified":"1748534256856","__typename":"ThemeAsset"},"customerLogo":{"imageAssetName":"F5-devCentral-HR-color-reverse-1750868999153.png","imageLastModified":"1750869001512","__typename":"ThemeAsset"},"maximumWidthOfPageContent":"fluid","oneColumnNarrowWidth":"800px","gridGutterWidthMd":"30px","gridGutterWidthXs":"10px","pageWidthStyle":"WIDTH_OF_PAGE_CONTENT","__typename":"BasicsThemeSettings"},"buttons":{"borderRadiusSm":"5px","borderRadius":"5px","borderRadiusLg":"5px","paddingY":"5px","paddingYLg":"7px","paddingYHero":"var(--lia-bs-btn-padding-y-lg)","paddingX":"12px","paddingXLg":"14px","paddingXHero":"42px","fontStyle":"NORMAL","fontWeight":"500","textTransform":"NONE","disabledOpacity":0.5,"primaryTextColor":"var(--lia-bs-white)","primaryTextHoverColor":"var(--lia-bs-white)","primaryTextActiveColor":"var(--lia-bs-white)","primaryBgColor":"#0072B0","primaryBgHoverColor":"hsl(201.10000000000002, 100%, 29.3%)","primaryBgActiveColor":"hsl(201.10000000000002, 100%, 24.2%)","primaryBorder":"1px solid transparent","primaryBorderHover":"1px solid transparent","primaryBorderActive":"1px solid transparent","primaryBorderFocus":"1px solid var(--lia-bs-white)","primaryBoxShadowFocus":"0 0 0 1px #0072B0, 0 0 0 4px rgba(0, 114, 176, 0.2)","secondaryTextColor":"var(--lia-bs-white)","secondaryTextHoverColor":"var(--lia-bs-white)","secondaryTextActiveColor":"var(--lia-bs-white)","secondaryBgColor":"#0072B0","secondaryBgHoverColor":"hsl(201.10000000000002, 100%, 29.3%)","secondaryBgActiveColor":"hsl(201.10000000000002, 100%, 24.2%)","secondaryBorder":"1px solid transparent","secondaryBorderHover":"1px solid transparent","secondaryBorderActive":"1px solid transparent","secondaryBorderFocus":"1px solid transparent","secondaryBoxShadowFocus":"0 0 0 1px #0072B0, 0 0 0 4px rgba(0, 114, 176, 0.2)","tertiaryTextColor":"#0072B0","tertiaryTextHoverColor":"hsl(201.10000000000002, 100%, 32.8%)","tertiaryTextActiveColor":"hsl(201.10000000000002, 100%, 31.1%)","tertiaryBgColor":"transparent","tertiaryBgHoverColor":"transparent","tertiaryBgActiveColor":"rgba(0, 114, 176, 0.04)","tertiaryBorder":"1px solid transparent","tertiaryBorderHover":"1px solid rgba(0, 114, 176, 0.08)","tertiaryBorderActive":"1px solid transparent","tertiaryBorderFocus":"1px solid transparent","tertiaryBoxShadowFocus":"0 0 0 1px #0072B0, 0 0 0 4px rgba(0, 114, 176, 0.2)","destructiveTextColor":"var(--lia-bs-danger)","destructiveTextHoverColor":"hsl(var(--lia-bs-danger-h), var(--lia-bs-danger-s), calc(var(--lia-bs-danger-l) * 0.95))","destructiveTextActiveColor":"hsl(var(--lia-bs-danger-h), var(--lia-bs-danger-s), calc(var(--lia-bs-danger-l) * 0.9))","destructiveBgColor":"var(--lia-bs-gray-300)","destructiveBgHoverColor":"hsl(var(--lia-bs-gray-300-h), var(--lia-bs-gray-300-s), calc(var(--lia-bs-gray-300-l) * 0.96))","destructiveBgActiveColor":"hsl(var(--lia-bs-gray-300-h), var(--lia-bs-gray-300-s), calc(var(--lia-bs-gray-300-l) * 0.92))","destructiveBorder":"1px solid transparent","destructiveBorderHover":"1px solid transparent","destructiveBorderActive":"1px solid transparent","destructiveBorderFocus":"1px solid transparent","destructiveBoxShadowFocus":"0 0 0 1px #0072B0, 0 0 0 4px rgba(0, 114, 176, 0.2)","__typename":"ButtonsThemeSettings"},"border":{"color":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","mainContent":"DARK","sideContent":"DARK","radiusSm":"3px","radius":"5px","radiusLg":"9px","radius50":"100vw","__typename":"BorderThemeSettings"},"boxShadow":{"xs":"0 0 0 1px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.08), 0 3px 0 -1px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.16)","sm":"0 2px 4px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.12)","md":"0 5px 15px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.3)","lg":"0 10px 30px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.3)","__typename":"BoxShadowThemeSettings"},"cards":{"bgColor":"var(--lia-panel-bg-color)","borderRadius":"var(--lia-panel-border-radius)","boxShadow":"var(--lia-box-shadow-xs)","__typename":"CardsThemeSettings"},"chip":{"maxWidth":"300px","height":"30px","__typename":"ChipThemeSettings"},"coreTypes":{"defaultMessageLinkColor":"var(--lia-bs-primary)","defaultMessageLinkDecoration":"none","defaultMessageLinkFontStyle":"NORMAL","defaultMessageLinkFontWeight":"500","defaultMessageFontStyle":"NORMAL","defaultMessageFontWeight":"400","defaultMessageFontFamily":"var(--lia-bs-font-family-base)","forumColor":"#0C5C8D","forumFontFamily":"var(--lia-bs-font-family-base)","forumFontWeight":"var(--lia-default-message-font-weight)","forumLineHeight":"var(--lia-bs-line-height-base)","forumFontStyle":"var(--lia-default-message-font-style)","forumMessageLinkColor":"var(--lia-default-message-link-color)","forumMessageLinkDecoration":"var(--lia-default-message-link-decoration)","forumMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","forumMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","forumSolvedColor":"#62C026","blogColor":"#730015","blogFontFamily":"var(--lia-bs-font-family-base)","blogFontWeight":"var(--lia-default-message-font-weight)","blogLineHeight":"1.75","blogFontStyle":"var(--lia-default-message-font-style)","blogMessageLinkColor":"var(--lia-default-message-link-color)","blogMessageLinkDecoration":"var(--lia-default-message-link-decoration)","blogMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","blogMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","tkbColor":"#C20025","tkbFontFamily":"var(--lia-bs-font-family-base)","tkbFontWeight":"var(--lia-default-message-font-weight)","tkbLineHeight":"1.75","tkbFontStyle":"var(--lia-default-message-font-style)","tkbMessageLinkColor":"var(--lia-default-message-link-color)","tkbMessageLinkDecoration":"var(--lia-default-message-link-decoration)","tkbMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","tkbMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","qandaColor":"#4099E2","qandaFontFamily":"var(--lia-bs-font-family-base)","qandaFontWeight":"var(--lia-default-message-font-weight)","qandaLineHeight":"var(--lia-bs-line-height-base)","qandaFontStyle":"var(--lia-default-message-link-font-style)","qandaMessageLinkColor":"var(--lia-default-message-link-color)","qandaMessageLinkDecoration":"var(--lia-default-message-link-decoration)","qandaMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","qandaMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","qandaSolvedColor":"#3FA023","ideaColor":"#F3704B","ideaFontFamily":"var(--lia-bs-font-family-base)","ideaFontWeight":"var(--lia-default-message-font-weight)","ideaLineHeight":"var(--lia-bs-line-height-base)","ideaFontStyle":"var(--lia-default-message-font-style)","ideaMessageLinkColor":"var(--lia-default-message-link-color)","ideaMessageLinkDecoration":"var(--lia-default-message-link-decoration)","ideaMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","ideaMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","contestColor":"#FCC845","contestFontFamily":"var(--lia-bs-font-family-base)","contestFontWeight":"var(--lia-default-message-font-weight)","contestLineHeight":"var(--lia-bs-line-height-base)","contestFontStyle":"var(--lia-default-message-link-font-style)","contestMessageLinkColor":"var(--lia-default-message-link-color)","contestMessageLinkDecoration":"var(--lia-default-message-link-decoration)","contestMessageLinkFontStyle":"ITALIC","contestMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","occasionColor":"#EE4B5B","occasionFontFamily":"var(--lia-bs-font-family-base)","occasionFontWeight":"var(--lia-default-message-font-weight)","occasionLineHeight":"var(--lia-bs-line-height-base)","occasionFontStyle":"var(--lia-default-message-font-style)","occasionMessageLinkColor":"var(--lia-default-message-link-color)","occasionMessageLinkDecoration":"var(--lia-default-message-link-decoration)","occasionMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","occasionMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","grouphubColor":"#491B62","categoryColor":"#949494","communityColor":"#FFFFFF","productColor":"#949494","__typename":"CoreTypesThemeSettings"},"colors":{"black":"#000000","white":"#FFFFFF","gray100":"#F7F7F7","gray200":"#F7F7F7","gray300":"#E8E8E8","gray400":"#D9D9D9","gray500":"#CCCCCC","gray600":"#949494","gray700":"#707070","gray800":"#545454","gray900":"#333333","dark":"#545454","light":"#F7F7F7","primary":"#0072B0","secondary":"#333333","bodyText":"#222222","bodyBg":"#F5F5F5","info":"#1D9CD3","success":"#62C026","warning":"#FFD651","danger":"#C20025","alertSystem":"#FF6600","textMuted":"#707070","highlight":"#FFFCAD","outline":"var(--lia-bs-primary)","custom":["#C20025","#081B85","#009639","#B3C6D7","#7CC0EB","#F29A36","#B2D7EB","#66AFD7","#007ABC","#343434","#0E6EB9","#0072B0"],"__typename":"ColorsThemeSettings"},"divider":{"size":"3px","marginLeft":"4px","marginRight":"4px","borderRadius":"50%","bgColor":"var(--lia-bs-gray-600)","bgColorActive":"var(--lia-bs-gray-600)","__typename":"DividerThemeSettings"},"dropdown":{"fontSize":"var(--lia-bs-font-size-sm)","borderColor":"var(--lia-bs-border-color)","borderRadius":"var(--lia-bs-border-radius-sm)","dividerBg":"var(--lia-bs-gray-300)","itemPaddingY":"5px","itemPaddingX":"20px","headerColor":"var(--lia-bs-gray-700)","__typename":"DropdownThemeSettings"},"email":{"link":{"color":"#0069D4","hoverColor":"#0061c2","decoration":"none","hoverDecoration":"underline","__typename":"EmailLinkSettings"},"border":{"color":"#e4e4e4","__typename":"EmailBorderSettings"},"buttons":{"borderRadiusLg":"5px","paddingXLg":"16px","paddingYLg":"7px","fontWeight":"700","primaryTextColor":"#ffffff","primaryTextHoverColor":"#ffffff","primaryBgColor":"#0069D4","primaryBgHoverColor":"#005cb8","primaryBorder":"1px solid transparent","primaryBorderHover":"1px solid transparent","__typename":"EmailButtonsSettings"},"panel":{"borderRadius":"5px","borderColor":"#e4e4e4","__typename":"EmailPanelSettings"},"__typename":"EmailThemeSettings"},"emoji":{"skinToneDefault":"#ffcd43","skinToneLight":"#fae3c5","skinToneMediumLight":"#e2cfa5","skinToneMedium":"#daa478","skinToneMediumDark":"#a78058","skinToneDark":"#5e4d43","__typename":"EmojiThemeSettings"},"heading":{"color":"var(--lia-bs-body-color)","fontFamily":"Neusa Next Pro Wide Bold","fontStyle":"NORMAL","fontWeight":"700","h1FontSize":"30px","h2FontSize":"25px","h3FontSize":"20px","h4FontSize":"18px","h5FontSize":"16px","h6FontSize":"16px","lineHeight":"1.1","subHeaderFontSize":"11px","subHeaderFontWeight":"500","h1LetterSpacing":"normal","h2LetterSpacing":"normal","h3LetterSpacing":"normal","h4LetterSpacing":"normal","h5LetterSpacing":"normal","h6LetterSpacing":"normal","subHeaderLetterSpacing":"2px","h1FontWeight":"var(--lia-bs-headings-font-weight)","h2FontWeight":"var(--lia-bs-headings-font-weight)","h3FontWeight":"var(--lia-bs-headings-font-weight)","h4FontWeight":"var(--lia-bs-headings-font-weight)","h5FontWeight":"var(--lia-bs-headings-font-weight)","h6FontWeight":"var(--lia-bs-headings-font-weight)","__typename":"HeadingThemeSettings"},"icons":{"size10":"10px","size12":"12px","size14":"14px","size16":"16px","size20":"20px","size24":"24px","size30":"30px","size40":"40px","size50":"50px","size60":"60px","size80":"80px","size120":"120px","size160":"160px","__typename":"IconsThemeSettings"},"imagePreview":{"bgColor":"var(--lia-bs-gray-900)","titleColor":"var(--lia-bs-white)","controlColor":"var(--lia-bs-white)","controlBgColor":"var(--lia-bs-gray-800)","__typename":"ImagePreviewThemeSettings"},"input":{"borderColor":"var(--lia-bs-gray-600)","disabledColor":"var(--lia-bs-gray-600)","focusBorderColor":"var(--lia-bs-primary)","labelMarginBottom":"10px","btnFontSize":"var(--lia-bs-font-size-sm)","focusBoxShadow":"0 0 0 3px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","checkLabelMarginBottom":"2px","checkboxBorderRadius":"3px","borderRadiusSm":"var(--lia-bs-border-radius-sm)","borderRadius":"var(--lia-bs-border-radius)","borderRadiusLg":"var(--lia-bs-border-radius-lg)","formTextMarginTop":"4px","textAreaBorderRadius":"var(--lia-bs-border-radius)","activeFillColor":"var(--lia-bs-primary)","__typename":"InputThemeSettings"},"loading":{"dotDarkColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.2)","dotLightColor":"hsla(var(--lia-bs-white-h), var(--lia-bs-white-s), var(--lia-bs-white-l), 0.5)","barDarkColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.06)","barLightColor":"hsla(var(--lia-bs-white-h), var(--lia-bs-white-s), var(--lia-bs-white-l), 0.4)","__typename":"LoadingThemeSettings"},"link":{"color":"var(--lia-bs-primary)","hoverColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) - 10%))","decoration":"none","hoverDecoration":"underline","__typename":"LinkThemeSettings"},"listGroup":{"itemPaddingY":"15px","itemPaddingX":"15px","borderColor":"var(--lia-bs-gray-300)","__typename":"ListGroupThemeSettings"},"modal":{"contentTextColor":"var(--lia-bs-body-color)","contentBg":"var(--lia-bs-white)","backgroundBg":"var(--lia-bs-black)","smSize":"440px","mdSize":"760px","lgSize":"1080px","backdropOpacity":0.3,"contentBoxShadowXs":"var(--lia-bs-box-shadow-sm)","contentBoxShadow":"var(--lia-bs-box-shadow)","headerFontWeight":"700","__typename":"ModalThemeSettings"},"navbar":{"position":"FIXED","background":{"attachment":null,"clip":null,"color":"var(--lia-bs-white)","imageAssetName":null,"imageLastModified":"0","origin":null,"position":"CENTER_CENTER","repeat":"NO_REPEAT","size":"COVER","__typename":"BackgroundProps"},"backgroundOpacity":0.8,"paddingTop":"15px","paddingBottom":"15px","borderBottom":"1px solid var(--lia-bs-border-color)","boxShadow":"var(--lia-bs-box-shadow-sm)","brandMarginRight":"30px","brandMarginRightSm":"10px","brandLogoHeight":"30px","linkGap":"10px","linkJustifyContent":"flex-start","linkPaddingY":"5px","linkPaddingX":"10px","linkDropdownPaddingY":"9px","linkDropdownPaddingX":"var(--lia-nav-link-px)","linkColor":"var(--lia-bs-body-color)","linkHoverColor":"var(--lia-bs-primary)","linkFontSize":"var(--lia-bs-font-size-sm)","linkFontStyle":"NORMAL","linkFontWeight":"400","linkTextTransform":"NONE","linkLetterSpacing":"normal","linkBorderRadius":"var(--lia-bs-border-radius-sm)","linkBgColor":"transparent","linkBgHoverColor":"transparent","linkBorder":"none","linkBorderHover":"none","linkBoxShadow":"none","linkBoxShadowHover":"none","linkTextBorderBottom":"none","linkTextBorderBottomHover":"none","dropdownPaddingTop":"10px","dropdownPaddingBottom":"15px","dropdownPaddingX":"10px","dropdownMenuOffset":"2px","dropdownDividerMarginTop":"10px","dropdownDividerMarginBottom":"10px","dropdownBorderColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","controllerBgHoverColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.1)","controllerIconColor":"var(--lia-bs-body-color)","controllerIconHoverColor":"var(--lia-bs-body-color)","controllerTextColor":"var(--lia-nav-controller-icon-color)","controllerTextHoverColor":"var(--lia-nav-controller-icon-hover-color)","controllerHighlightColor":"hsla(30, 100%, 50%)","controllerHighlightTextColor":"var(--lia-yiq-light)","controllerBorderRadius":"var(--lia-border-radius-50)","hamburgerColor":"var(--lia-nav-controller-icon-color)","hamburgerHoverColor":"var(--lia-nav-controller-icon-color)","hamburgerBgColor":"transparent","hamburgerBgHoverColor":"transparent","hamburgerBorder":"none","hamburgerBorderHover":"none","collapseMenuMarginLeft":"20px","collapseMenuDividerBg":"var(--lia-nav-link-color)","collapseMenuDividerOpacity":0.16,"__typename":"NavbarThemeSettings"},"pager":{"textColor":"var(--lia-bs-link-color)","textFontWeight":"var(--lia-font-weight-md)","textFontSize":"var(--lia-bs-font-size-sm)","__typename":"PagerThemeSettings"},"panel":{"bgColor":"var(--lia-bs-white)","borderRadius":"var(--lia-bs-border-radius)","borderColor":"var(--lia-bs-border-color)","boxShadow":"none","__typename":"PanelThemeSettings"},"popover":{"arrowHeight":"8px","arrowWidth":"16px","maxWidth":"300px","minWidth":"100px","headerBg":"var(--lia-bs-white)","borderColor":"var(--lia-bs-border-color)","borderRadius":"var(--lia-bs-border-radius)","boxShadow":"0 0.5rem 1rem hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.15)","__typename":"PopoverThemeSettings"},"prism":{"color":"#000000","bgColor":"#f5f2f0","fontFamily":"var(--font-family-monospace)","fontSize":"var(--lia-bs-font-size-base)","fontWeightBold":"var(--lia-bs-font-weight-bold)","fontStyleItalic":"italic","tabSize":2,"highlightColor":"#b3d4fc","commentColor":"#62707e","punctuationColor":"#6f6f6f","namespaceOpacity":"0.7","propColor":"#990055","selectorColor":"#517a00","operatorColor":"#906736","operatorBgColor":"hsla(0, 0%, 100%, 0.5)","keywordColor":"#0076a9","functionColor":"#d3284b","variableColor":"#c14700","__typename":"PrismThemeSettings"},"rte":{"bgColor":"var(--lia-bs-white)","borderRadius":"var(--lia-panel-border-radius)","boxShadow":" var(--lia-panel-box-shadow)","customColor1":"#bfedd2","customColor2":"#fbeeb8","customColor3":"#f8cac6","customColor4":"#eccafa","customColor5":"#c2e0f4","customColor6":"#2dc26b","customColor7":"#f1c40f","customColor8":"#e03e2d","customColor9":"#b96ad9","customColor10":"#3598db","customColor11":"#169179","customColor12":"#e67e23","customColor13":"#ba372a","customColor14":"#843fa1","customColor15":"#236fa1","customColor16":"#ecf0f1","customColor17":"#ced4d9","customColor18":"#95a5a6","customColor19":"#7e8c8d","customColor20":"#34495e","customColor21":"#000000","customColor22":"#ffffff","defaultMessageHeaderMarginTop":"14px","defaultMessageHeaderMarginBottom":"10px","defaultMessageItemMarginTop":"0","defaultMessageItemMarginBottom":"10px","diffAddedColor":"hsla(170, 53%, 51%, 0.4)","diffChangedColor":"hsla(43, 97%, 63%, 0.4)","diffNoneColor":"hsla(0, 0%, 80%, 0.4)","diffRemovedColor":"hsla(9, 74%, 47%, 0.4)","specialMessageHeaderMarginTop":"14px","specialMessageHeaderMarginBottom":"10px","specialMessageItemMarginTop":"0","specialMessageItemMarginBottom":"10px","tableBgColor":"transparent","tableBorderColor":"var(--lia-bs-gray-700)","tableBorderStyle":"solid","tableCellPaddingX":"5px","tableCellPaddingY":"5px","tableTextColor":"var(--lia-bs-body-color)","tableVerticalAlign":"middle","__typename":"RteThemeSettings"},"tags":{"bgColor":"var(--lia-bs-gray-200)","bgHoverColor":"var(--lia-bs-gray-400)","borderRadius":"var(--lia-bs-border-radius-sm)","color":"var(--lia-bs-body-color)","hoverColor":"var(--lia-bs-body-color)","fontWeight":"var(--lia-font-weight-md)","fontSize":"var(--lia-font-size-xxs)","textTransform":"UPPERCASE","letterSpacing":"0.5px","__typename":"TagsThemeSettings"},"toasts":{"borderRadius":"var(--lia-bs-border-radius)","paddingX":"12px","__typename":"ToastsThemeSettings"},"typography":{"fontFamilyBase":"Proxima Nova A Medium","fontStyleBase":"NORMAL","fontWeightBase":"500","fontWeightLight":"300","fontWeightNormal":"400","fontWeightMd":"500","fontWeightBold":"700","letterSpacingSm":"normal","letterSpacingXs":"normal","lineHeightBase":"1.2","fontSizeBase":"15px","fontSizeXxs":"11px","fontSizeXs":"12px","fontSizeSm":"13px","fontSizeLg":"20px","fontSizeXl":"24px","smallFontSize":"14px","customFonts":[{"source":"SERVER","name":"Proxima Nova A Medium","styles":[{"style":"NORMAL","weight":"500","__typename":"FontStyleData"}],"assetNames":["ProximaNovaAMedium-normal-500.woff2"],"__typename":"CustomFont"},{"source":"SERVER","name":"Neusa Next Pro Wide Bold","styles":[{"style":"NORMAL","weight":"700","__typename":"FontStyleData"}],"assetNames":["NeusaNextProWideBold-normal-700.woff2"],"__typename":"CustomFont"}],"__typename":"TypographyThemeSettings"},"unstyledListItem":{"marginBottomSm":"5px","marginBottomMd":"10px","marginBottomLg":"15px","marginBottomXl":"20px","marginBottomXxl":"25px","__typename":"UnstyledListItemThemeSettings"},"yiq":{"light":"#ffffff","dark":"#000000","__typename":"YiqThemeSettings"},"colorLightness":{"primaryDark":0.36,"primaryLight":0.74,"primaryLighter":0.89,"primaryLightest":0.95,"infoDark":0.39,"infoLight":0.72,"infoLighter":0.85,"infoLightest":0.93,"successDark":0.24,"successLight":0.62,"successLighter":0.8,"successLightest":0.91,"warningDark":0.39,"warningLight":0.68,"warningLighter":0.84,"warningLightest":0.93,"dangerDark":0.41,"dangerLight":0.72,"dangerLighter":0.89,"dangerLightest":0.95,"__typename":"ColorLightnessThemeSettings"},"localOverride":false,"__typename":"Theme"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/Loading/LoadingDot-1751557989989":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/Loading/LoadingDot-1751557989989","value":{"title":"Loading..."},"localOverride":false},"CachedAsset:quilt:f5.prod:pages/forums/ForumMessagePage:board:TechnicalForum-1751557989071":{"__typename":"CachedAsset","id":"quilt:f5.prod:pages/forums/ForumMessagePage:board:TechnicalForum-1751557989071","value":{"id":"ForumMessagePage","container":{"id":"Common","headerProps":{"backgroundImageProps":null,"backgroundColor":null,"addComponents":null,"removeComponents":["community.widget.bannerWidget"],"componentOrder":null,"__typename":"QuiltContainerSectionProps"},"headerComponentProps":{"community.widget.breadcrumbWidget":{"disableLastCrumbForDesktop":false}},"footerProps":null,"footerComponentProps":null,"items":[{"id":"message-list","layout":"MAIN_SIDE","bgColor":"transparent","showTitle":false,"showDescription":false,"textPosition":"CENTER","textColor":"var(--lia-bs-body-color)","sectionEditLevel":null,"bgImage":null,"disableSpacing":null,"edgeToEdgeDisplay":null,"fullHeight":null,"showBorder":null,"__typename":"MainSideQuiltSection","columnMap":{"main":[{"id":"messages.widget.topicWithThreadedReplyListWidget","className":"lia-topic-with-replies","props":{"editLevel":"CONFIGURE"},"__typename":"QuiltComponent"}],"side":[{"id":"featuredWidgets.widget.featuredContentWidget","className":null,"props":{"instanceId":"featuredWidgets.widget.featuredContentWidget-1705956211049","layoutProps":{"layout":"card","layoutOptions":{"useRepliesCount":false,"useAuthorRank":false,"useTimeToRead":true,"useKudosCount":false,"useViewCount":false,"usePreviewMedia":true,"useBody":false,"useCenteredCardContent":false,"useTags":true,"useTimestamp":false,"useBoardLink":true,"useAuthorLink":false,"useSolvedBadge":true}},"titleSrOnly":false,"showPager":true,"pageSize":3,"lazyLoad":false},"__typename":"QuiltComponent"},{"id":"messages.widget.messageListForNodeByRecentActivityWidget","className":null,"props":{"hideIfEmpty":true,"pageSize":5,"pagerVariant":{"type":"loadMore"},"viewVariant":{"type":"inline","props":{"useRepliesCount":false,"useMedia":false,"useAuthorRank":false,"useNode":false,"boardIconSize":"24","truncateBodyLength":-1,"useNodeLink":true,"usePreviewMedia":false,"timeStampType":"conversation.lastPostingActivityTime","avatarSize":"40","useTextBody":true,"useSolvedBadge":true,"subjectAs":"h6","renderPostTimeBeforeAuthor":true,"useAvatar":false,"useTimeToRead":false,"useSpoilerFreeBody":true,"useKudosCount":false,"useViewCount":false,"useBody":false,"useTags":false,"clampSubjectLines":1,"useBoardIcon":true,"useMessageTimeLink":true,"clampBodyLines":3,"useAuthorLogin":true,"useUnreadCount":false,"useNodeHoverCard":true,"useSearchSnippet":false}},"lazyLoad":false,"listVariant":{"type":"unstyled","props":{"listItemSpacing":"xxl"}},"useTitle":true,"addTags":false,"titleContextVariant":"other","showTabs":false,"style":"compact","panelType":"standard","sorts":{"conversationLastPostingActivityTime":{"direction":"DESC"}}},"__typename":"QuiltComponent"},{"id":"messages.widget.relatedContentWidget","className":null,"props":{"hideIfEmpty":true,"enablePagination":false,"useTitle":true,"listVariant":{"type":"unstyled","props":{"listItemSpacing":"xxl"}},"pageSize":5,"style":"compact","pagerVariant":{"type":"none"},"viewVariant":{"type":"inline","props":{"useRepliesCount":false,"useMedia":false,"useAuthorRank":false,"useNode":false,"boardIconSize":"24","useAuthorLoginLink":true,"useNodeLink":true,"usePreviewMedia":true,"timeStampType":"postTime","useTextBody":true,"useSolvedBadge":false,"subjectAs":"h6","renderPostTimeBeforeAuthor":true,"useAvatar":false,"useVideoPreview":false,"portraitClampBodyLines":3,"useCompactSpacing":true,"useTimeToRead":false,"useSpoilerFreeBody":true,"useKudosCount":false,"useViewCount":false,"useBody":false,"useTags":false,"clampSubjectLines":1,"useBoardIcon":true,"useMessageTimeLink":true,"useAuthorLogin":true}},"lazyLoad":false,"panelType":"standard"},"__typename":"QuiltComponent"},{"id":"custom.widget.Community_Quicklinks","className":null,"props":{"customComponentId":"custom.widget.Community_Quicklinks"},"__typename":"QuiltComponent"}],"__typename":"MainSideSectionColumns"}}],"__typename":"QuiltContainer"},"__typename":"Quilt","localOverride":false},"localOverride":false},"CachedAsset:text:en_US-components/common/EmailVerification-1751557989989":{"__typename":"CachedAsset","id":"text:en_US-components/common/EmailVerification-1751557989989","value":{"email.verification.title":"Email Verification Required","email.verification.message.update.email":"To participate in the community, you must first verify your email address. The verification email was sent to {email}. To change your email, visit My Settings.","email.verification.message.resend.email":"To participate in the community, you must first verify your email address. The verification email was sent to {email}. Resend email."},"localOverride":false},"CachedAsset:text:en_US-pages/forums/ForumMessagePage-1751557989989":{"__typename":"CachedAsset","id":"text:en_US-pages/forums/ForumMessagePage-1751557989989","value":{"title":"{contextMessageSubject} | {communityTitle}","errorMissing":"This message cannot be found","name":"Forum Message Page","section.message-list.title":"Forum Discussion","archivedMessageTitle":"This Content Has Been Archived","section.message-list.description":""},"localOverride":false},"CachedAsset:text:en_US-components/common/ActionFeedback-1751557989989":{"__typename":"CachedAsset","id":"text:en_US-components/common/ActionFeedback-1751557989989","value":{"joinedGroupHub.title":"Welcome","joinedGroupHub.message":"You are now a member of this group and are subscribed to updates.","groupHubInviteNotFound.title":"Invitation Not Found","groupHubInviteNotFound.message":"Sorry, we could not find your invitation to the group. The owner may have canceled the invite.","groupHubNotFound.title":"Group Not Found","groupHubNotFound.message":"The grouphub you tried to join does not exist. It may have been deleted.","existingGroupHubMember.title":"Already Joined","existingGroupHubMember.message":"You are already a member of this group.","accountLocked.title":"Account Locked","accountLocked.message":"Your account has been locked due to multiple failed attempts. Try again in {lockoutTime} minutes.","editedGroupHub.title":"Changes Saved","editedGroupHub.message":"Your group has been updated.","leftGroupHub.title":"Goodbye","leftGroupHub.message":"You are no longer a member of this group and will not receive future updates.","deletedGroupHub.title":"Deleted","deletedGroupHub.message":"The group has been deleted.","groupHubCreated.title":"Group Created","groupHubCreated.message":"{groupHubName} is ready to use","accountClosed.title":"Account Closed","accountClosed.message":"The account has been closed and you will now be redirected to the homepage","resetTokenExpired.title":"Reset Password Link has Expired","resetTokenExpired.message":"Try resetting your password again","invalidUrl.title":"Invalid URL","invalidUrl.message":"The URL you're using is not recognized. Verify your URL and try again.","accountClosedForUser.title":"Account Closed","accountClosedForUser.message":"{userName}'s account is closed","inviteTokenInvalid.title":"Invitation Invalid","inviteTokenInvalid.message":"Your invitation to the community has been canceled or expired.","inviteTokenError.title":"Invitation Verification Failed","inviteTokenError.message":"The url you are utilizing is not recognized. Verify your URL and try again","pageNotFound.title":"Access Denied","pageNotFound.message":"You do not have access to this area of the community or it doesn't exist","eventAttending.title":"Responded as Attending","eventAttending.message":"You'll be notified when there's new activity and reminded as the event approaches","eventInterested.title":"Responded as Interested","eventInterested.message":"You'll be notified when there's new activity and reminded as the event approaches","eventNotFound.title":"Event Not Found","eventNotFound.message":"The event you tried to respond to does not exist.","redirectToRelatedPage.title":"Showing Related Content","redirectToRelatedPageForBaseUsers.title":"Showing Related Content","redirectToRelatedPageForBaseUsers.message":"The content you are trying to access is archived","redirectToRelatedPage.message":"The content you are trying to access is archived","relatedUrl.archivalLink.flyoutMessage":"The content you are trying to access is archived View Archived Content"},"localOverride":false},"CachedAsset:quiltWrapper:f5.prod:Common:1751557989536":{"__typename":"CachedAsset","id":"quiltWrapper:f5.prod:Common:1751557989536","value":{"id":"Common","header":{"backgroundImageProps":{"assetName":null,"backgroundSize":"COVER","backgroundRepeat":"NO_REPEAT","backgroundPosition":"CENTER_CENTER","lastModified":null,"__typename":"BackgroundImageProps"},"backgroundColor":"#343434","items":[{"id":"custom.widget.GainsightShared","props":{"widgetVisibility":"signedInOnly","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"},{"id":"custom.widget.Beta_MetaNav","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"},{"id":"community.widget.navbarWidget","props":{"showUserName":false,"showRegisterLink":true,"useIconLanguagePicker":true,"useLabelLanguagePicker":true,"style":{"boxShadow":"var(--lia-bs-box-shadow-sm)","linkFontWeight":"700","controllerHighlightColor":"#F29A36","dropdownDividerMarginBottom":"10px","hamburgerBorderHover":"none","linkFontSize":"15px","linkBoxShadowHover":"none","backgroundOpacity":1,"controllerBorderRadius":"var(--lia-border-radius-50)","hamburgerBgColor":"transparent","linkTextBorderBottom":"none","hamburgerColor":"var(--lia-nav-controller-icon-color)","brandLogoHeight":"48px","linkLetterSpacing":"normal","linkBgHoverColor":"transparent","collapseMenuDividerOpacity":0.16,"paddingBottom":"10px","dropdownPaddingBottom":"15px","dropdownMenuOffset":"2px","hamburgerBgHoverColor":"transparent","borderBottom":"unset","hamburgerBorder":"none","dropdownPaddingX":"10px","brandMarginRightSm":"10px","linkBoxShadow":"none","linkJustifyContent":"center","linkColor":"var(--lia-bs-white)","collapseMenuDividerBg":"var(--lia-nav-link-color)","dropdownPaddingTop":"10px","controllerHighlightTextColor":"var(--lia-yiq-dark)","controllerTextColor":"var(--lia-nav-controller-icon-color)","background":{"imageAssetName":"","color":"var(--lia-bs-body-color)","size":"COVER","repeat":"NO_REPEAT","position":"CENTER_CENTER","imageLastModified":""},"linkBorderRadius":"var(--lia-bs-border-radius-sm)","linkHoverColor":"var(--lia-bs-white)","position":"FIXED","linkBorder":"none","linkTextBorderBottomHover":"2px solid var(--lia-bs-white)","brandMarginRight":"30px","hamburgerHoverColor":"var(--lia-nav-controller-icon-color)","linkBorderHover":"none","collapseMenuMarginLeft":"20px","linkFontStyle":"NORMAL","linkPaddingX":"10px","controllerTextHoverColor":"var(--lia-nav-controller-icon-hover-color)","paddingTop":"10px","linkPaddingY":"5px","linkTextTransform":"NONE","dropdownBorderColor":"hsla(var(--lia-bs-white-h), var(--lia-bs-white-s), var(--lia-bs-white-l), 0.08)","controllerBgHoverColor":"hsla(var(--lia-bs-white-h), var(--lia-bs-white-s), var(--lia-bs-white-l), 0.1)","linkDropdownPaddingX":"var(--lia-nav-link-px)","linkBgColor":"transparent","linkDropdownPaddingY":"9px","controllerIconColor":"var(--lia-bs-white)","dropdownDividerMarginTop":"10px","linkGap":"10px","controllerIconHoverColor":"var(--lia-bs-white)"},"links":{"sideLinks":[],"logoLinks":[],"mainLinks":[{"children":[{"linkType":"INTERNAL","id":"migrated-link-1","params":{"boardId":"TechnicalForum","categoryId":"Forums"},"routeName":"ForumBoardPage"},{"linkType":"INTERNAL","id":"migrated-link-2","params":{"boardId":"WaterCooler","categoryId":"Forums"},"routeName":"ForumBoardPage"}],"linkType":"INTERNAL","id":"migrated-link-0","params":{"categoryId":"Forums"},"routeName":"CategoryPage"},{"children":[{"linkType":"INTERNAL","id":"migrated-link-4","params":{"boardId":"codeshare","categoryId":"CrowdSRC"},"routeName":"TkbBoardPage"},{"linkType":"INTERNAL","id":"migrated-link-5","params":{"boardId":"communityarticles","categoryId":"CrowdSRC"},"routeName":"TkbBoardPage"}],"linkType":"INTERNAL","id":"migrated-link-3","params":{"categoryId":"CrowdSRC"},"routeName":"CategoryPage"},{"children":[{"linkType":"INTERNAL","id":"migrated-link-7","params":{"boardId":"TechnicalArticles","categoryId":"Articles"},"routeName":"TkbBoardPage"},{"linkType":"INTERNAL","id":"article-series","params":{"boardId":"article-series","categoryId":"Articles"},"routeName":"TkbBoardPage"},{"linkType":"INTERNAL","id":"security-insights","params":{"boardId":"security-insights","categoryId":"Articles"},"routeName":"TkbBoardPage"},{"linkType":"INTERNAL","id":"migrated-link-8","params":{"boardId":"DevCentralNews","categoryId":"Articles"},"routeName":"TkbBoardPage"}],"linkType":"INTERNAL","id":"migrated-link-6","params":{"categoryId":"Articles"},"routeName":"CategoryPage"},{"children":[{"linkType":"INTERNAL","id":"migrated-link-10","params":{"categoryId":"CommunityGroups"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"migrated-link-11","params":{"categoryId":"F5-Groups"},"routeName":"CategoryPage"}],"linkType":"INTERNAL","id":"migrated-link-9","params":{"categoryId":"GroupsCategory"},"routeName":"CategoryPage"},{"children":[],"linkType":"INTERNAL","id":"migrated-link-12","params":{"boardId":"Events","categoryId":"top"},"routeName":"EventBoardPage"},{"children":[],"linkType":"INTERNAL","id":"migrated-link-13","params":{"boardId":"Suggestions","categoryId":"top"},"routeName":"IdeaBoardPage"},{"children":[],"linkType":"EXTERNAL","id":"Common-external-link","url":"https://community.f5.com/c/how-do-i","target":"SELF"}]},"className":"QuiltComponent_lia-component-edit-mode__lQ9Z6","showSearchIcon":false,"languagePickerStyle":"iconAndLabel"},"__typename":"QuiltComponent"},{"id":"community.widget.bannerWidget","props":{"backgroundColor":"#343434","visualEffects":{"showBottomBorder":false},"backgroundImageProps":{"backgroundSize":"COVER","backgroundPosition":"CENTER_CENTER","backgroundRepeat":"NO_REPEAT"},"fontColor":"var(--lia-bs-white)"},"__typename":"QuiltComponent"},{"id":"community.widget.breadcrumbWidget","props":{"backgroundColor":"#343434","linkHighlightColor":"#FFFFFF","visualEffects":{"showBottomBorder":true},"backgroundOpacity":100,"linkTextColor":"#FFFFFF"},"__typename":"QuiltComponent"}],"__typename":"QuiltWrapperSection"},"footer":{"backgroundImageProps":{"assetName":null,"backgroundSize":"COVER","backgroundRepeat":"NO_REPEAT","backgroundPosition":"CENTER_CENTER","lastModified":null,"__typename":"BackgroundImageProps"},"backgroundColor":"var(--lia-bs-body-color)","items":[{"id":"custom.widget.Beta_Footer","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"},{"id":"custom.widget.Tag_Manager_Helper","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"},{"id":"custom.widget.Consent_Blackbar","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"}],"__typename":"QuiltWrapperSection"},"__typename":"QuiltWrapper","localOverride":false},"localOverride":false},"CachedAsset:component:custom.widget.GainsightShared-en-us-1751558010090":{"__typename":"CachedAsset","id":"component:custom.widget.GainsightShared-en-us-1751558010090","value":{"component":{"id":"custom.widget.GainsightShared","template":{"id":"GainsightShared","markupLanguage":"HTML","style":null,"texts":{},"defaults":{"config":{"applicablePages":[],"description":"Shared functions for Gainsight integration","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.GainsightShared","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"TEXTHTML","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"description":"Shared functions for Gainsight integration","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:component:custom.widget.Beta_MetaNav-en-us-1751558010090":{"__typename":"CachedAsset","id":"component:custom.widget.Beta_MetaNav-en-us-1751558010090","value":{"component":{"id":"custom.widget.Beta_MetaNav","template":{"id":"Beta_MetaNav","markupLanguage":"HANDLEBARS","style":null,"texts":{},"defaults":{"config":{"applicablePages":[],"description":"MetaNav menu at the top of every page.","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Beta_MetaNav","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"description":"MetaNav menu at the top of every page.","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:component:custom.widget.Community_Quicklinks-en-us-1751558010090":{"__typename":"CachedAsset","id":"component:custom.widget.Community_Quicklinks-en-us-1751558010090","value":{"component":{"id":"custom.widget.Community_Quicklinks","template":{"id":"Community_Quicklinks","markupLanguage":"HANDLEBARS","style":null,"texts":{},"defaults":{"config":{"applicablePages":[],"description":"","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Community_Quicklinks","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"description":"","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:component:custom.widget.Beta_Footer-en-us-1751558010090":{"__typename":"CachedAsset","id":"component:custom.widget.Beta_Footer-en-us-1751558010090","value":{"component":{"id":"custom.widget.Beta_Footer","template":{"id":"Beta_Footer","markupLanguage":"HANDLEBARS","style":null,"texts":{},"defaults":{"config":{"applicablePages":[],"description":"DevCentral´s custom footer.","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Beta_Footer","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"description":"DevCentral´s custom footer.","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:component:custom.widget.Tag_Manager_Helper-en-us-1751558010090":{"__typename":"CachedAsset","id":"component:custom.widget.Tag_Manager_Helper-en-us-1751558010090","value":{"component":{"id":"custom.widget.Tag_Manager_Helper","template":{"id":"Tag_Manager_Helper","markupLanguage":"HANDLEBARS","style":null,"texts":{},"defaults":{"config":{"applicablePages":[],"description":"Helper widget to inject Tag Manager scripts into head element","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Tag_Manager_Helper","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"description":"Helper widget to inject Tag Manager scripts into head element","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:component:custom.widget.Consent_Blackbar-en-us-1751558010090":{"__typename":"CachedAsset","id":"component:custom.widget.Consent_Blackbar-en-us-1751558010090","value":{"component":{"id":"custom.widget.Consent_Blackbar","template":{"id":"Consent_Blackbar","markupLanguage":"HTML","style":null,"texts":{},"defaults":{"config":{"applicablePages":[],"description":"","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Consent_Blackbar","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"TEXTHTML","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"description":"","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:text:en_US-components/community/Breadcrumb-1751557989989":{"__typename":"CachedAsset","id":"text:en_US-components/community/Breadcrumb-1751557989989","value":{"navLabel":"Breadcrumbs","dropdown":"Additional parent page navigation"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageBanner-1751557989989":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageBanner-1751557989989","value":{"messageMarkedAsSpam":"This post has been marked as spam","messageMarkedAsSpam@board:TKB":"This article has been marked as spam","messageMarkedAsSpam@board:BLOG":"This post has been marked as spam","messageMarkedAsSpam@board:FORUM":"This discussion has been marked as spam","messageMarkedAsSpam@board:OCCASION":"This event has been marked as spam","messageMarkedAsSpam@board:IDEA":"This idea has been marked as spam","manageSpam":"Manage Spam","messageMarkedAsAbuse":"This post has been marked as abuse","messageMarkedAsAbuse@board:TKB":"This article has been marked as abuse","messageMarkedAsAbuse@board:BLOG":"This post has been marked as abuse","messageMarkedAsAbuse@board:FORUM":"This discussion has been marked as abuse","messageMarkedAsAbuse@board:OCCASION":"This event has been marked as abuse","messageMarkedAsAbuse@board:IDEA":"This idea has been marked as abuse","preModCommentAuthorText":"This comment will be published as soon as it is approved","preModCommentModeratorText":"This comment is awaiting moderation","messageMarkedAsOther":"This post has been rejected due to other reasons","messageMarkedAsOther@board:TKB":"This article has been rejected due to other reasons","messageMarkedAsOther@board:BLOG":"This post has been rejected due to other reasons","messageMarkedAsOther@board:FORUM":"This discussion has been rejected due to other reasons","messageMarkedAsOther@board:OCCASION":"This event has been rejected due to other reasons","messageMarkedAsOther@board:IDEA":"This idea has been rejected due to other reasons","messageArchived":"This post was archived on {date}","relatedUrl":"View Related Content","relatedContentText":"Showing related content","archivedContentLink":"View Archived Content"},"localOverride":false},"CachedAsset:text:en_US-components/featured/content/FeaturedContentWidget-1751557989989":{"__typename":"CachedAsset","id":"text:en_US-components/featured/content/FeaturedContentWidget-1751557989989","value":{"edit":"Edit Featured Content","title":"Featured Content","title@instance:iLVTsW":"Pinned Items","title@instance:featuredWidgets.widget.featuredContentWidget-1702666903735":"","title@instance:TZsNhL":"","title@instance:featuredWidgets.widget.featuredContentWidget-1702666556326":"","title@instance:featuredWidgets.widget.featuredContentWidget-1717525242793":"","title@instance:featuredWidgets.widget.featuredContentWidget-1705956211049":"","title@instance:featuredWidgets.widget.featuredContentWidget-1717525727595":"Pinned Items","title@instance:featuredWidgets.widget.featuredContentWidget-1728320145294":"Pinned Items","title@instance:featuredWidgets.widget.featuredContentWidget-1703882552800":""},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageListForNodeByRecentActivityWidget-1751557989989":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageListForNodeByRecentActivityWidget-1751557989989","value":{"title@userScope:other":"Recent Content","title@userScope:self":"Contributions","title@board:FORUM@userScope:other":"Recent Discussions","title@board:BLOG@userScope:other":"Recent Blogs","emptyDescription":"No content to show","MessageListForNodeByRecentActivityWidgetEditor.nodeScope.label":"Scope","title@instance:1706288370055":"Content Feed","title@instance:1743095186784":"Most Recent Updates","title@instance:1704317906837":"Content Feed","title@instance:1743095018194":"Most Recent Updates","title@instance:1702668293472":"Community Feed","title@instance:1743095117047":"Most Recent Updates","title@instance:1704319314827":"Blog Feed","title@instance:1743095235555":"Most Recent Updates","title@instance:1704320290851":"My Contributions","title@instance:1703720491809":"Forum Feed","title@instance:1743095311723":"Most Recent Updates","title@instance:1703028709746":"Group Content Feed","title@instance:VTsglH":"Content Feed"},"localOverride":false},"CachedAsset:text:en_US-components/messages/RelatedContentWidget-1751557989989":{"__typename":"CachedAsset","id":"text:en_US-components/messages/RelatedContentWidget-1751557989989","value":{"title":"Related Content","emptyDescription":"No content to show"},"localOverride":false},"Forum:board:WaterCooler":{"__typename":"Forum","id":"board:WaterCooler","forumPolicies":{"__typename":"ForumPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:Articles":{"__typename":"Category","id":"category:Articles","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"entityType":"CATEGORY","displayId":"Articles","nodeType":"category","depth":1,"title":"Articles","shortTitle":"Articles"},"Tkb:board:TechnicalArticles":{"__typename":"Tkb","id":"board:TechnicalArticles","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"entityType":"TKB","displayId":"TechnicalArticles","nodeType":"board","depth":2,"conversationStyle":"TKB","title":"Technical Articles","shortTitle":"Technical Articles","parent":{"__ref":"Category:category:Articles"},"userContext":{"__typename":"NodeUserContext","canAddAttachments":false,"canUpdateNode":false,"canPostMessages":false,"isSubscribed":false},"avatar":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bi0zNC1SbWNGdVQ?image-coordinates=0%2C0%2C500%2C500\"}"},"description":"F5 SMEs share good practice.","eventPath":"category:Articles/community:zihoc95639board:TechnicalArticles/"},"Tkb:board:DevCentralNews":{"__typename":"Tkb","id":"board:DevCentralNews","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:GroupsCategory":{"__typename":"Category","id":"category:GroupsCategory","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:F5-Groups":{"__typename":"Category","id":"category:F5-Groups","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:CommunityGroups":{"__typename":"Category","id":"category:CommunityGroups","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Occasion:board:Events":{"__typename":"Occasion","id":"board:Events","boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"occasionPolicies":{"__typename":"OccasionPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Idea:board:Suggestions":{"__typename":"Idea","id":"board:Suggestions","boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"ideaPolicies":{"__typename":"IdeaPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:CrowdSRC":{"__typename":"Category","id":"category:CrowdSRC","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"entityType":"CATEGORY","displayId":"CrowdSRC","nodeType":"category","depth":1,"title":"CrowdSRC","shortTitle":"CrowdSRC"},"Tkb:board:codeshare":{"__typename":"Tkb","id":"board:codeshare","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"entityType":"TKB","displayId":"codeshare","nodeType":"board","depth":2,"conversationStyle":"TKB","title":"CodeShare","shortTitle":"CodeShare","parent":{"__ref":"Category:category:CrowdSRC"},"userContext":{"__typename":"NodeUserContext","canAddAttachments":false,"canUpdateNode":false,"canPostMessages":false,"isSubscribed":false},"avatar":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bi04Ny1Vd0N5bjA?image-coordinates=0%2C0%2C500%2C500\"}"},"description":"Have some code. Share some code.","eventPath":"category:CrowdSRC/community:zihoc95639board:codeshare/"},"Tkb:board:communityarticles":{"__typename":"Tkb","id":"board:communityarticles","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Tkb:board:security-insights":{"__typename":"Tkb","id":"board:security-insights","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Tkb:board:article-series":{"__typename":"Tkb","id":"board:article-series","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Conversation:conversation:342509":{"__typename":"Conversation","id":"conversation:342509","topic":{"__typename":"ForumTopicMessage","uid":342509},"lastPostingActivityTime":"2025-07-16T02:45:12.920-07:00","solved":false},"ForumTopicMessage:message:342509":{"__typename":"ForumTopicMessage","subject":"F5 ASM XML processing - policy name.","conversation":{"__ref":"Conversation:conversation:342509"},"id":"message:342509","entityType":"FORUM_TOPIC","eventPath":"category:Forums/community:zihoc95639board:TechnicalForum/message:342509","revisionNum":1,"uid":342509,"depth":0,"board":{"__ref":"Forum:board:TechnicalForum"},"author":{"__typename":"User","uid":429699,"login":"Asura2003","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false},"metrics":{"__typename":"MessageMetrics","views":33},"postTime":"2025-07-15T07:44:26.442-07:00","lastPublishTime":"2025-07-15T07:44:26.442-07:00","readOnly":false},"Conversation:conversation:341889":{"__typename":"Conversation","id":"conversation:341889","topic":{"__typename":"ForumTopicMessage","uid":341889},"lastPostingActivityTime":"2025-07-16T00:07:40.921-07:00","solved":false},"ForumTopicMessage:message:341889":{"__typename":"ForumTopicMessage","subject":"F5OS (r4800) web interface access issue","conversation":{"__ref":"Conversation:conversation:341889"},"id":"message:341889","entityType":"FORUM_TOPIC","eventPath":"category:Forums/community:zihoc95639board:TechnicalForum/message:341889","revisionNum":1,"uid":341889,"depth":0,"board":{"__ref":"Forum:board:TechnicalForum"},"author":{"__typename":"User","uid":426815,"login":"Ozzy","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false},"metrics":{"__typename":"MessageMetrics","views":90},"postTime":"2025-06-10T23:20:48.078-07:00","lastPublishTime":"2025-06-10T23:20:48.078-07:00","readOnly":false},"Conversation:conversation:342519":{"__typename":"Conversation","id":"conversation:342519","topic":{"__typename":"ForumTopicMessage","uid":342519},"lastPostingActivityTime":"2025-07-15T21:03:04.943-07:00","solved":false},"ForumTopicMessage:message:342519":{"__typename":"ForumTopicMessage","subject":"F5 doesn't signatures for cve","conversation":{"__ref":"Conversation:conversation:342519"},"id":"message:342519","entityType":"FORUM_TOPIC","eventPath":"category:Forums/community:zihoc95639board:TechnicalForum/message:342519","revisionNum":1,"uid":342519,"depth":0,"board":{"__ref":"Forum:board:TechnicalForum"},"author":{"__typename":"User","uid":259586,"login":"THE_BLUE","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false},"metrics":{"__typename":"MessageMetrics","views":29},"postTime":"2025-07-15T11:10:23.997-07:00","lastPublishTime":"2025-07-15T11:10:23.997-07:00","readOnly":false},"Conversation:conversation:342525":{"__typename":"Conversation","id":"conversation:342525","topic":{"__typename":"ForumTopicMessage","uid":342525},"lastPostingActivityTime":"2025-07-15T14:37:32.526-07:00","solved":false},"ForumTopicMessage:message:342525":{"__typename":"ForumTopicMessage","subject":"Corn Job script to automate backup and export F5OS","conversation":{"__ref":"Conversation:conversation:342525"},"id":"message:342525","entityType":"FORUM_TOPIC","eventPath":"category:Forums/community:zihoc95639board:TechnicalForum/message:342525","revisionNum":1,"uid":342525,"depth":0,"board":{"__ref":"Forum:board:TechnicalForum"},"author":{"__typename":"User","uid":420529,"login":"ashk","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false},"metrics":{"__typename":"MessageMetrics","views":12},"postTime":"2025-07-15T14:37:32.526-07:00","lastPublishTime":"2025-07-15T14:37:32.526-07:00","readOnly":false},"Conversation:conversation:342400":{"__typename":"Conversation","id":"conversation:342400","topic":{"__typename":"ForumTopicMessage","uid":342400},"lastPostingActivityTime":"2025-07-15T11:33:18.212-07:00","solved":false},"ForumTopicMessage:message:342400":{"__typename":"ForumTopicMessage","subject":"irule to block a non valid url","conversation":{"__ref":"Conversation:conversation:342400"},"id":"message:342400","entityType":"FORUM_TOPIC","eventPath":"category:Forums/community:zihoc95639board:TechnicalForum/message:342400","revisionNum":1,"uid":342400,"depth":0,"board":{"__ref":"Forum:board:TechnicalForum"},"author":{"__typename":"User","uid":436632,"login":"cg1603","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false},"metrics":{"__typename":"MessageMetrics","views":49},"postTime":"2025-07-08T22:59:05.142-07:00","lastPublishTime":"2025-07-08T22:59:05.142-07:00","readOnly":false},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/cmstMjgtQ3U0RXo2\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/cmstMjgtQ3U0RXo2","height":0,"width":0,"mimeType":"image/svg+xml"},"Rank:rank:28":{"__typename":"Rank","id":"rank:28","position":4,"name":"Employee","color":"C20025","icon":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/cmstMjgtQ3U0RXo2\"}"},"rankStyle":"OUTLINE"},"User:user:228473":{"__typename":"User","id":"user:228473","uid":228473,"login":"Shajiya_Shaik","biography":null,"registrationData":{"__typename":"RegistrationData","status":null,"registrationTime":"2021-06-13T22:19:28.000-07:00","confirmEmailStatus":null,"registrationAccessLevel":null,"ssoRegistrationFields":[]},"deleted":false,"email":"","avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS0yMjg0NzMtbjViSmdY?image-coordinates=5%2C5%2C264%2C264"},"rank":{"__ref":"Rank:rank:28"},"messagesCount":15,"kudosGivenCount":0,"kudosReceivedCount":50,"kudosWeight":1,"ssoId":null,"followersCount":null,"solutionsCount":0,"entityType":"USER","eventPath":"community:zihoc95639/user:228473"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bi0zNC1SbWNGdVQ?image-coordinates=0%2C0%2C500%2C500\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bi0zNC1SbWNGdVQ?image-coordinates=0%2C0%2C500%2C500","mimeType":"image/png"},"TkbTopicMessage:message:342140":{"__typename":"TkbTopicMessage","uid":342140,"subject":"Mitigating OWASP API Security Risks: Broken Authentication using BIG-IP","id":"message:342140","entityType":"TKB_ARTICLE","eventPath":"category:Articles/community:zihoc95639board:TechnicalArticles/message:342140","revisionNum":2,"repliesCount":1,"author":{"__ref":"User:user:228473"},"depth":0,"hasGivenKudo":false,"helpful":null,"board":{"__ref":"Tkb:board:TechnicalArticles"},"conversation":{"__ref":"Conversation:conversation:342140"},"contentWorkflow":{"__typename":"ContentWorkflow","state":"PUBLISH","scheduledPublishTime":null,"scheduledTimezone":null,"shortScheduledTimezone":null,"userContext":{"__typename":"MessageWorkflowContext","canSubmitForReview":null,"canEdit":false,"canRecall":null,"canSubmitForPublication":null,"canReturnToAuthor":null,"canPublish":null,"canReturnToReview":null,"canSchedule":false}},"moderationData":{"__ref":"ModerationData:moderation_data:342140"},"teaser@stripHtml({\"removeProcessingText\":false,\"truncateLength\":200})":" In this article, we delve into the root causes of Broken Authentication in APIs and demonstrate how F5 BIG-IP can be leveraged to effectively mitigate these risks. ","postTime":"2025-07-03T05:00:00.053-07:00","lastPublishTime":"2025-07-03T05:00:00.053-07:00","readOnly":false,"introduction":"","metrics":{"__typename":"MessageMetrics","views":114},"placeholder":false,"showMoveIndicator":false,"originalMessageForPlaceholder":null},"Conversation:conversation:342140":{"__typename":"Conversation","id":"conversation:342140","solved":false,"topic":{"__ref":"TkbTopicMessage:message:342140"},"lastPostingActivityTime":"2025-07-13T22:39:19.256-07:00","lastPostTime":"2025-07-13T22:39:19.256-07:00","isSubscribed":false},"ModerationData:moderation_data:342140":{"__typename":"ModerationData","id":"moderation_data:342140","status":"APPROVED","rejectReason":null},"RelatedContentMessage:RelatedContentMessage:342140":{"__typename":"RelatedContentMessage","id":"RelatedContentMessage:342140","relatedMessage":{"__ref":"TkbTopicMessage:message:342140"}},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/cmstMjktRWl0NU5q\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/cmstMjktRWl0NU5q","height":24,"width":21,"mimeType":"image/png"},"Rank:rank:29":{"__typename":"Rank","id":"rank:29","position":6,"name":"MVP","color":"66AFD7","icon":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/cmstMjktRWl0NU5q\"}"},"rankStyle":"FILLED"},"User:user:305242":{"__typename":"User","id":"user:305242","uid":305242,"login":"Niels_van_Sluis","biography":null,"registrationData":{"__typename":"RegistrationData","status":null,"registrationTime":"2019-05-15T22:30:51.000-07:00","confirmEmailStatus":null,"registrationAccessLevel":null,"ssoRegistrationFields":[]},"deleted":false,"email":"","avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS0zMDUyNDItOTdhb0o2?image-coordinates=228%2C0%2C571%2C343"},"rank":{"__ref":"Rank:rank:29"},"messagesCount":743,"kudosGivenCount":26,"kudosReceivedCount":99,"kudosWeight":1,"ssoId":null,"followersCount":null,"solutionsCount":36,"entityType":"USER","eventPath":"community:zihoc95639/user:305242"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bi04Ny1Vd0N5bjA?image-coordinates=0%2C0%2C500%2C500\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bi04Ny1Vd0N5bjA?image-coordinates=0%2C0%2C500%2C500","mimeType":"image/png"},"TkbTopicMessage:message:291402":{"__typename":"TkbTopicMessage","uid":291402,"subject":"Transparent Kerberos Authentication and APM fallback authentication","id":"message:291402","entityType":"TKB_ARTICLE","eventPath":"category:CrowdSRC/community:zihoc95639board:codeshare/message:291402","revisionNum":2,"repliesCount":2,"author":{"__ref":"User:user:305242"},"depth":0,"hasGivenKudo":false,"helpful":null,"board":{"__ref":"Tkb:board:codeshare"},"conversation":{"__ref":"Conversation:conversation:291402"},"contentWorkflow":{"__typename":"ContentWorkflow","state":"PUBLISH","scheduledPublishTime":null,"scheduledTimezone":null,"shortScheduledTimezone":null,"userContext":{"__typename":"MessageWorkflowContext","canSubmitForReview":null,"canEdit":false,"canRecall":null,"canSubmitForPublication":null,"canReturnToAuthor":null,"canPublish":null,"canReturnToReview":null,"canSchedule":false}},"moderationData":{"__ref":"ModerationData:moderation_data:291402"},"teaser@stripHtml({\"removeProcessingText\":false,\"truncateLength\":200})":"","postTime":"2019-11-15T14:17:19.000-08:00","lastPublishTime":"2023-10-26T06:55:54.287-07:00","readOnly":false,"introduction":"","metrics":{"__typename":"MessageMetrics","views":863},"placeholder":false,"showMoveIndicator":false,"originalMessageForPlaceholder":null},"Conversation:conversation:291402":{"__typename":"Conversation","id":"conversation:291402","solved":false,"topic":{"__ref":"TkbTopicMessage:message:291402"},"lastPostingActivityTime":"2023-10-26T06:57:42.736-07:00","lastPostTime":"2023-10-26T06:57:42.736-07:00","isSubscribed":false},"ModerationData:moderation_data:291402":{"__typename":"ModerationData","id":"moderation_data:291402","status":"APPROVED","rejectReason":null},"RelatedContentMessage:RelatedContentMessage:291402":{"__typename":"RelatedContentMessage","id":"RelatedContentMessage:291402","relatedMessage":{"__ref":"TkbTopicMessage:message:291402"}},"TkbTopicMessage:message:341891":{"__typename":"TkbTopicMessage","uid":341891,"subject":"Mitigating OWASP Web Application Risk: Identification and Authentication Failure using BIG-IP","id":"message:341891","entityType":"TKB_ARTICLE","eventPath":"category:Articles/community:zihoc95639board:TechnicalArticles/message:341891","revisionNum":2,"repliesCount":1,"author":{"__ref":"User:user:228473"},"depth":0,"hasGivenKudo":false,"helpful":null,"board":{"__ref":"Tkb:board:TechnicalArticles"},"conversation":{"__ref":"Conversation:conversation:341891"},"contentWorkflow":{"__typename":"ContentWorkflow","state":"PUBLISH","scheduledPublishTime":null,"scheduledTimezone":null,"shortScheduledTimezone":null,"userContext":{"__typename":"MessageWorkflowContext","canSubmitForReview":null,"canEdit":false,"canRecall":null,"canSubmitForPublication":null,"canReturnToAuthor":null,"canPublish":null,"canReturnToReview":null,"canSchedule":false}},"moderationData":{"__ref":"ModerationData:moderation_data:341891"},"teaser@stripHtml({\"removeProcessingText\":false,\"truncateLength\":200})":" This article gives the insights about one of the OWASP Web Application Risk that is Identification and Authentication and its Mitigating actions using F5 BIG-IP. ","postTime":"2025-06-23T05:00:00.027-07:00","lastPublishTime":"2025-06-23T05:00:00.027-07:00","readOnly":false,"introduction":"","metrics":{"__typename":"MessageMetrics","views":90},"placeholder":false,"showMoveIndicator":false,"originalMessageForPlaceholder":null},"Conversation:conversation:341891":{"__typename":"Conversation","id":"conversation:341891","solved":false,"topic":{"__ref":"TkbTopicMessage:message:341891"},"lastPostingActivityTime":"2025-07-02T22:25:13.783-07:00","lastPostTime":"2025-07-02T22:25:13.783-07:00","isSubscribed":false},"ModerationData:moderation_data:341891":{"__typename":"ModerationData","id":"moderation_data:341891","status":"APPROVED","rejectReason":null},"RelatedContentMessage:RelatedContentMessage:341891":{"__typename":"RelatedContentMessage","id":"RelatedContentMessage:341891","relatedMessage":{"__ref":"TkbTopicMessage:message:341891"}},"User:user:193846":{"__typename":"User","id":"user:193846","uid":193846,"login":"MichaelatF5","biography":null,"registrationData":{"__typename":"RegistrationData","status":null,"registrationTime":"2011-01-25T00:00:00.000-08:00","confirmEmailStatus":null,"registrationAccessLevel":null,"ssoRegistrationFields":[]},"deleted":false,"email":"","avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS0xOTM4NDYtMTY3NjBpRkE2REFFMjI0Mjk0ODdCOQ"},"rank":{"__ref":"Rank:rank:28"},"messagesCount":108,"kudosGivenCount":26,"kudosReceivedCount":38,"kudosWeight":1,"ssoId":null,"followersCount":null,"solutionsCount":0,"entityType":"USER","eventPath":"community:zihoc95639/user:193846"},"TkbTopicMessage:message:289166":{"__typename":"TkbTopicMessage","uid":289166,"subject":"US FEDERAL: Enabling Kerberos for Smartcard Authentication to Apache.","id":"message:289166","entityType":"TKB_ARTICLE","eventPath":"category:Articles/community:zihoc95639board:TechnicalArticles/message:289166","revisionNum":1,"repliesCount":0,"author":{"__ref":"User:user:193846"},"depth":0,"hasGivenKudo":false,"helpful":null,"board":{"__ref":"Tkb:board:TechnicalArticles"},"conversation":{"__ref":"Conversation:conversation:289166"},"contentWorkflow":{"__typename":"ContentWorkflow","state":"PUBLISH","scheduledPublishTime":null,"scheduledTimezone":null,"shortScheduledTimezone":null,"userContext":{"__typename":"MessageWorkflowContext","canSubmitForReview":null,"canEdit":false,"canRecall":null,"canSubmitForPublication":null,"canReturnToAuthor":null,"canPublish":null,"canReturnToReview":null,"canSchedule":false}},"moderationData":{"__ref":"ModerationData:moderation_data:289166"},"teaser@stripHtml({\"removeProcessingText\":false,\"truncateLength\":200})":"","postTime":"2015-03-03T12:32:00.000-08:00","lastPublishTime":"2015-03-03T12:32:00.000-08:00","readOnly":false,"introduction":"","metrics":{"__typename":"MessageMetrics","views":1316},"placeholder":false,"showMoveIndicator":false,"originalMessageForPlaceholder":null},"Conversation:conversation:289166":{"__typename":"Conversation","id":"conversation:289166","solved":false,"topic":{"__ref":"TkbTopicMessage:message:289166"},"lastPostingActivityTime":"2015-03-03T12:32:00.000-08:00","lastPostTime":"2015-03-03T12:32:00.000-08:00","isSubscribed":false},"ModerationData:moderation_data:289166":{"__typename":"ModerationData","id":"moderation_data:289166","status":"APPROVED","rejectReason":null},"RelatedContentMessage:RelatedContentMessage:289166":{"__typename":"RelatedContentMessage","id":"RelatedContentMessage:289166","relatedMessage":{"__ref":"TkbTopicMessage:message:289166"}},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/cmstMzctMmdkZklv\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/cmstMzctMmdkZklv","height":0,"width":0,"mimeType":"image/svg+xml"},"Rank:rank:37":{"__typename":"Rank","id":"rank:37","position":14,"name":"Cirrostratus","color":"CCCCCC","icon":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/cmstMzctMmdkZklv\"}"},"rankStyle":"FILLED"},"User:user:213818":{"__typename":"User","id":"user:213818","uid":213818,"login":"Smithy","biography":null,"registrationData":{"__typename":"RegistrationData","status":null,"registrationTime":"2011-07-31T01:00:00.000-07:00","confirmEmailStatus":null,"registrationAccessLevel":null,"ssoRegistrationFields":[]},"deleted":false,"email":"","avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/m_assets/avatars/default/avatar-6.svg?time=0"},"rank":{"__ref":"Rank:rank:37"},"messagesCount":72,"kudosGivenCount":1,"kudosReceivedCount":5,"kudosWeight":1,"ssoId":null,"followersCount":null,"solutionsCount":1,"entityType":"USER","eventPath":"community:zihoc95639/user:213818"},"TkbTopicMessage:message:279004":{"__typename":"TkbTopicMessage","uid":279004,"subject":"APM Cookbook: Single Sign On (SSO) using Kerberos","id":"message:279004","entityType":"TKB_ARTICLE","eventPath":"category:Articles/community:zihoc95639board:TechnicalArticles/message:279004","revisionNum":1,"repliesCount":28,"author":{"__ref":"User:user:213818"},"depth":0,"hasGivenKudo":false,"helpful":null,"board":{"__ref":"Tkb:board:TechnicalArticles"},"conversation":{"__ref":"Conversation:conversation:279004"},"contentWorkflow":{"__typename":"ContentWorkflow","state":"PUBLISH","scheduledPublishTime":null,"scheduledTimezone":null,"shortScheduledTimezone":null,"userContext":{"__typename":"MessageWorkflowContext","canSubmitForReview":null,"canEdit":false,"canRecall":null,"canSubmitForPublication":null,"canReturnToAuthor":null,"canPublish":null,"canReturnToReview":null,"canSchedule":false}},"moderationData":{"__ref":"ModerationData:moderation_data:279004"},"teaser@stripHtml({\"removeProcessingText\":false,\"truncateLength\":200})":"","postTime":"2014-04-28T06:16:00.000-07:00","lastPublishTime":"2014-04-28T06:16:00.000-07:00","readOnly":false,"introduction":"","metrics":{"__typename":"MessageMetrics","views":8656},"placeholder":false,"showMoveIndicator":false,"originalMessageForPlaceholder":null},"Conversation:conversation:279004":{"__typename":"Conversation","id":"conversation:279004","solved":false,"topic":{"__ref":"TkbTopicMessage:message:279004"},"lastPostingActivityTime":"2024-02-24T22:44:31.389-08:00","lastPostTime":"2024-02-24T22:44:31.389-08:00","isSubscribed":false},"ModerationData:moderation_data:279004":{"__typename":"ModerationData","id":"moderation_data:279004","status":"APPROVED","rejectReason":null},"RelatedContentMessage:RelatedContentMessage:279004":{"__typename":"RelatedContentMessage","id":"RelatedContentMessage:279004","relatedMessage":{"__ref":"TkbTopicMessage:message:279004"}},"QueryVariables:TopicReplyList:message:190462:1":{"__typename":"QueryVariables","id":"TopicReplyList:message:190462:1","value":{"id":"message:190462","first":10,"sorts":{"postTime":{"direction":"ASC"}},"repliesFirst":3,"repliesFirstDepthThree":1,"repliesSorts":{"postTime":{"direction":"ASC"}},"useAvatar":true,"useAuthorLogin":true,"useAuthorRank":true,"useBody":true,"useKudosCount":true,"useTimeToRead":false,"useMedia":false,"useReadOnlyIcon":false,"useRepliesCount":true,"useSearchSnippet":false,"useAcceptedSolutionButton":true,"useSolvedBadge":false,"useAttachments":false,"attachmentsFirst":5,"useTags":true,"useNodeAncestors":false,"useUserHoverCard":false,"useNodeHoverCard":false,"useModerationStatus":true,"usePreviewSubjectModal":false,"useMessageStatus":true}},"ROOT_MUTATION":{"__typename":"Mutation"},"CachedAsset:text:en_US-components/community/Navbar-1751557989989":{"__typename":"CachedAsset","id":"text:en_US-components/community/Navbar-1751557989989","value":{"community":"Community Home","inbox":"Inbox","manageContent":"Manage Content","tos":"Terms of Service","forgotPassword":"Forgot Password","themeEditor":"Theme Editor","edit":"Edit Navigation Bar","skipContent":"Skip to content","migrated-link-9":"Groups","migrated-link-7":"Technical Articles","migrated-link-8":"DevCentral News","migrated-link-1":"Technical Forum","migrated-link-10":"Community Groups","migrated-link-2":"Water Cooler","migrated-link-11":"F5 Groups","Common-external-link":"How Do I...?","migrated-link-0":"Forums","article-series":"Article Series","migrated-link-5":"Community Articles","migrated-link-6":"Articles","security-insights":"Security Insights","migrated-link-3":"CrowdSRC","migrated-link-4":"CodeShare","migrated-link-12":"Events","migrated-link-13":"Suggestions"},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarHamburgerDropdown-1751557989989":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarHamburgerDropdown-1751557989989","value":{"hamburgerLabel":"Side Menu"},"localOverride":false},"CachedAsset:text:en_US-components/community/BrandLogo-1751557989989":{"__typename":"CachedAsset","id":"text:en_US-components/community/BrandLogo-1751557989989","value":{"logoAlt":"Khoros","themeLogoAlt":"Brand Logo"},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarTextLinks-1751557989989":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarTextLinks-1751557989989","value":{"more":"More"},"localOverride":false},"CachedAsset:text:en_US-components/authentication/AuthenticationLink-1751557989989":{"__typename":"CachedAsset","id":"text:en_US-components/authentication/AuthenticationLink-1751557989989","value":{"title.login":"Sign In","title.registration":"Register","title.forgotPassword":"Forgot Password","title.multiAuthLogin":"Sign In"},"localOverride":false},"CachedAsset:text:en_US-components/nodes/NodeLink-1751557989989":{"__typename":"CachedAsset","id":"text:en_US-components/nodes/NodeLink-1751557989989","value":{"place":"Place {name}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageView/MessageViewStandard-1751557989989":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageView/MessageViewStandard-1751557989989","value":{"anonymous":"Anonymous","author":"{messageAuthorLogin}","authorBy":"{messageAuthorLogin}","board":"{messageBoardTitle}","replyToUser":" to {parentAuthor}","showMoreReplies":"Show More","replyText":"Reply","repliesText":"Replies","markedAsSolved":"Marked as Solution","messageStatus":"Status: ","statusChanged":"Status changed: {previousStatus} to {currentStatus}","statusAdded":"Status added: {status}","statusRemoved":"Status removed: {status}","labelExpand":"expand replies","labelCollapse":"collapse replies","unhelpfulReason.reason1":"Content is outdated","unhelpfulReason.reason2":"Article is missing information","unhelpfulReason.reason3":"Content is for a different Product","unhelpfulReason.reason4":"Doesn't match what I was searching for"},"localOverride":false},"CachedAsset:text:en_US-components/messages/ThreadedReplyList-1751557989989":{"__typename":"CachedAsset","id":"text:en_US-components/messages/ThreadedReplyList-1751557989989","value":{"title":"{count, plural, one{# Reply} other{# Replies}}","title@board:BLOG":"{count, plural, one{# Comment} other{# Comments}}","title@board:TKB":"{count, plural, one{# Comment} other{# Comments}}","title@board:IDEA":"{count, plural, one{# Comment} other{# Comments}}","title@board:OCCASION":"{count, plural, one{# Comment} other{# Comments}}","noRepliesTitle":"No Replies","noRepliesTitle@board:BLOG":"No Comments","noRepliesTitle@board:TKB":"No Comments","noRepliesTitle@board:IDEA":"No Comments","noRepliesTitle@board:OCCASION":"No Comments","noRepliesDescription":"Be the first to reply","noRepliesDescription@board:BLOG":"Be the first to comment","noRepliesDescription@board:TKB":"Be the first to comment","noRepliesDescription@board:IDEA":"Be the first to comment","noRepliesDescription@board:OCCASION":"Be the first to comment","messageReadOnlyAlert:BLOG":"Comments have been turned off for this post","messageReadOnlyAlert:TKB":"Comments have been turned off for this article","messageReadOnlyAlert:IDEA":"Comments have been turned off for this idea","messageReadOnlyAlert:FORUM":"Replies have been turned off for this discussion","messageReadOnlyAlert:OCCASION":"Comments have been turned off for this event"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageReplyCallToAction-1751557989989":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageReplyCallToAction-1751557989989","value":{"leaveReply":"Leave a reply...","leaveReply@board:BLOG@message:root":"Leave a comment...","leaveReply@board:TKB@message:root":"Leave a comment...","leaveReply@board:IDEA@message:root":"Leave a comment...","leaveReply@board:OCCASION@message:root":"Leave a comment...","repliesTurnedOff.FORUM":"Replies are turned off for this topic","repliesTurnedOff.BLOG":"Comments are turned off for this topic","repliesTurnedOff.TKB":"Comments are turned off for this topic","repliesTurnedOff.IDEA":"Comments are turned off for this topic","repliesTurnedOff.OCCASION":"Comments are turned off for this topic","infoText":"Stop poking me!"},"localOverride":false},"CachedAsset:text:en_US-components/featured/content/FeaturedContentMessageList-1751557989989":{"__typename":"CachedAsset","id":"text:en_US-components/featured/content/FeaturedContentMessageList-1751557989989","value":{"edit":"Edit Featured Content","header":"Featured Content"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/QueryHandler-1751557989989":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/QueryHandler-1751557989989","value":{"title":"Query Handler"},"localOverride":false},"User:user:189442":{"__typename":"User","id":"user:189442","uid":189442,"login":"Greg_Coward","biography":null,"registrationData":{"__typename":"RegistrationData","status":null,"registrationTime":"2011-07-19T01:00:00.000-07:00","confirmEmailStatus":null,"registrationAccessLevel":null,"ssoRegistrationFields":[]},"deleted":false,"email":"","avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS0xODk0NDItOHNzWXY0?image-coordinates=250%2C0%2C1960%2C1710"},"rank":{"__ref":"Rank:rank:28"},"messagesCount":69,"kudosGivenCount":2,"kudosReceivedCount":54,"kudosWeight":1,"ssoId":null,"followersCount":null,"solutionsCount":0,"entityType":"USER","eventPath":"community:zihoc95639/user:189442"},"TkbTopicMessage:message:342325":{"__typename":"TkbTopicMessage","uid":342325,"subject":"How I did it - \"High-Performance S3 Load Balancing of Dell ObjectScale with F5 BIG-IP\"","id":"message:342325","entityType":"TKB_ARTICLE","eventPath":"category:Articles/community:zihoc95639board:TechnicalArticles/message:342325","revisionNum":10,"repliesCount":0,"author":{"__ref":"User:user:189442"},"depth":0,"hasGivenKudo":false,"helpful":null,"board":{"__ref":"Tkb:board:TechnicalArticles"},"conversation":{"__ref":"Conversation:conversation:342325"},"contentWorkflow":{"__typename":"ContentWorkflow","state":"PUBLISH","scheduledPublishTime":null,"scheduledTimezone":null,"shortScheduledTimezone":null,"userContext":{"__typename":"MessageWorkflowContext","canSubmitForReview":null,"canEdit":false,"canRecall":null,"canSubmitForPublication":null,"canReturnToAuthor":null,"canPublish":null,"canReturnToReview":null,"canSchedule":false}},"moderationData":{"__ref":"ModerationData:moderation_data:342325"},"teaser":"

As AI and data-driven workloads grow, enterprises need scalable, high-performance, and resilient storage. Dell ObjectScale delivers with its cloud-native, S3-compatible design, ideal for AI/ML and analytics. F5 BIG-IP LTM and DNS enhance ObjectScale by providing intelligent traffic management and global load balancing—ensuring consistent performance and availability across distributed environments. This article introduces Dell ObjectScale and its integration with F5 solutions for advanced use cases.

","postTime":"2025-07-15T05:00:00.038-07:00","lastPublishTime":"2025-07-15T09:40:54.405-07:00","images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtekZxRzIw?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDI","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtZDNZb0x4?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDM","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtU2l6YWJM?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtTkg2eklw?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDU","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtbmlnQllC?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDY","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtN1d4U2xJ?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDc","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtNzk4SGxm?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDg","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUteTdwRmlj?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDk","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtUjZRbjgx?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDEw","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtaTZaYkVC?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDEx","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtZEhpVUNH?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDEy","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtdEFzS1M1?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDEz","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtRVVsTFVx?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDE0","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtUjVjMzdk?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDE1","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUteTBwdlp3?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDE2","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtbXhwQUcw?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDE3","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtV29QaFJa?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDE4","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtSDB2UVNw?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuNHwyLjF8b3wyNXxfTlZffDE5","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtMzJDTUo3?revision=10\"}"}}],"totalCount":19,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"tags":{"__typename":"TagConnection","pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null},"edges":[{"__typename":"TagEdge","cursor":"MjUuNHwyLjF8b3w1fF9OVl98MQ","node":{"__typename":"Tag","id":"tag:dell","text":"dell","time":"2022-01-24T02:29:50.297-08:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}},{"__typename":"TagEdge","cursor":"MjUuNHwyLjF8b3w1fF9OVl98Mg","node":{"__typename":"Tag","id":"tag:devops","text":"devops","time":"2011-10-19T17:50:55.000-07:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}},{"__typename":"TagEdge","cursor":"MjUuNHwyLjF8b3w1fF9OVl98Mw","node":{"__typename":"Tag","id":"tag:S3","text":"S3","time":"2025-07-03T13:28:50.308-07:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}},{"__typename":"TagEdge","cursor":"MjUuNHwyLjF8b3w1fF9OVl98NA","node":{"__typename":"Tag","id":"tag:storage","text":"storage","time":"2022-01-24T02:29:56.689-08:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}}]},"timeToRead":14,"introduction":"","metrics":{"__typename":"MessageMetrics","views":205},"placeholder":false,"showMoveIndicator":false,"originalMessageForPlaceholder":null,"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:342325":{"__typename":"Conversation","id":"conversation:342325","solved":false,"topic":{"__ref":"TkbTopicMessage:message:342325"},"lastPostingActivityTime":"2025-07-15T09:40:54.405-07:00","lastPostTime":"2025-07-15T05:00:00.038-07:00","isSubscribed":false},"ModerationData:moderation_data:342325":{"__typename":"ModerationData","id":"moderation_data:342325","status":"APPROVED","rejectReason":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtekZxRzIw?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtekZxRzIw?revision=10","title":"Picture1.png","associationType":"BODY","width":2745,"height":1200,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtZDNZb0x4?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtZDNZb0x4?revision=10","title":"ltmdns.png","associationType":"BODY","width":2365,"height":898,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtU2l6YWJM?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtU2l6YWJM?revision=10","title":"s3mon1.png","associationType":"BODY","width":1847,"height":2479,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtTkg2eklw?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtTkg2eklw?revision=10","title":"pool1.png","associationType":"BODY","width":2740,"height":2475,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtbmlnQllC?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtbmlnQllC?revision=10","title":"Screenshot 2025-07-03 at 12.15.35 PM.png","associationType":"BODY","width":1026,"height":1480,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtN1d4U2xJ?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtN1d4U2xJ?revision=10","title":"Screenshot 2025-06-30 at 2.37.20 PM.png","associationType":"BODY","width":985,"height":382,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtNzk4SGxm?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtNzk4SGxm?revision=10","title":"mon9020.png","associationType":"BODY","width":1851,"height":2475,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUteTdwRmlj?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUteTdwRmlj?revision=10","title":"pool9020'.png","associationType":"BODY","width":2791,"height":2479,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtUjZRbjgx?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtUjZRbjgx?revision=10","title":"virt2.png","associationType":"BODY","width":1604,"height":2475,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtaTZaYkVC?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtaTZaYkVC?revision=10","title":"virt3.png","associationType":"BODY","width":1650,"height":2475,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtZEhpVUNH?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtZEhpVUNH?revision=10","title":"image.png","associationType":"BODY","width":613,"height":467,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtdEFzS1M1?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtdEFzS1M1?revision=10","title":"listener.png","associationType":"BODY","width":2209,"height":2475,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtRVVsTFVx?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtRVVsTFVx?revision=10","title":"Screenshot 2025-07-03 at 8.55.49 AM.png","associationType":"BODY","width":457,"height":201,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtUjVjMzdk?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtUjVjMzdk?revision=10","title":"dc.png","associationType":"BODY","width":1750,"height":1347,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUteTBwdlp3?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUteTBwdlp3?revision=10","title":"Screenshot 2025-07-03 at 1.11.14 PM.png","associationType":"BODY","width":552,"height":227,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtbXhwQUcw?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtbXhwQUcw?revision=10","title":"dnserver.png","associationType":"BODY","width":2809,"height":2310,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtV29QaFJa?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtV29QaFJa?revision=10","title":"Screenshot 2025-07-03 at 1.21.30 PM.png","associationType":"BODY","width":576,"height":224,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtSDB2UVNw?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtSDB2UVNw?revision=10","title":"dnspool.png","associationType":"BODY","width":2956,"height":2896,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtMzJDTUo3?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDIzMjUtMzJDTUo3?revision=10","title":"wideip.png","associationType":"BODY","width":1420,"height":2475,"altText":""},"User:user:305638":{"__typename":"User","id":"user:305638","uid":305638,"login":"Valentin_Tobi","biography":null,"registrationData":{"__typename":"RegistrationData","status":null,"registrationTime":"2019-09-02T03:28:28.000-07:00","confirmEmailStatus":null,"registrationAccessLevel":null,"ssoRegistrationFields":[]},"deleted":false,"email":"","avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS0zMDU2MzgtMjE5NThpMzEwNzRGNTRCM0ZCREU4Rg"},"rank":{"__ref":"Rank:rank:28"},"messagesCount":29,"kudosGivenCount":1,"kudosReceivedCount":82,"kudosWeight":1,"ssoId":null,"followersCount":null,"solutionsCount":0,"entityType":"USER","eventPath":"community:zihoc95639/user:305638"},"TkbTopicMessage:message:342422":{"__typename":"TkbTopicMessage","uid":342422,"subject":"Introducing the F5 AI Assistant for BIG-IP","id":"message:342422","entityType":"TKB_ARTICLE","eventPath":"category:Articles/community:zihoc95639board:TechnicalArticles/message:342422","revisionNum":4,"repliesCount":0,"author":{"__ref":"User:user:305638"},"depth":0,"hasGivenKudo":false,"helpful":null,"board":{"__ref":"Tkb:board:TechnicalArticles"},"conversation":{"__ref":"Conversation:conversation:342422"},"contentWorkflow":{"__typename":"ContentWorkflow","state":"PUBLISH","scheduledPublishTime":null,"scheduledTimezone":null,"shortScheduledTimezone":null,"userContext":{"__typename":"MessageWorkflowContext","canSubmitForReview":null,"canEdit":false,"canRecall":null,"canSubmitForPublication":null,"canReturnToAuthor":null,"canPublish":null,"canReturnToReview":null,"canSchedule":false}},"moderationData":{"__ref":"ModerationData:moderation_data:342422"},"teaser":"

See how F5 AI Assistant for BIG-IP accelerates the creation of new iRules and simplifies their management, making traffic management and security more accessible and efficient than ever before.

","postTime":"2025-07-15T04:00:00.034-07:00","lastPublishTime":"2025-07-15T04:00:00.034-07:00","images":{"__typename":"AssociatedImageConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"tags":{"__typename":"TagConnection","pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null},"edges":[{"__typename":"TagEdge","cursor":"MjUuNHwyLjF8b3w1fF9OVl98MQ","node":{"__typename":"Tag","id":"tag:devops","text":"devops","time":"2011-10-19T17:50:55.000-07:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}}]},"timeToRead":2,"introduction":"","metrics":{"__typename":"MessageMetrics","views":255},"placeholder":false,"showMoveIndicator":false,"originalMessageForPlaceholder":null,"videos":{"__typename":"VideoConnection","edges":[{"__typename":"VideoEdge","cursor":"MHxodHRwczovL3d3dy55b3V0dWJlLmNvbS93YXRjaD92PUxRdzU0M0g4dDVjLzE3NTI1MTQ0MzM2Mjh8MHwyNTsyNXx8","node":{"__typename":"AssociatedVideo","videoTag":{"__typename":"VideoTag","vid":"https://www.youtube.com/watch?v=LQw543H8t5c/1752514433628","thumbnail":"https://i.ytimg.com/vi/LQw543H8t5c/hqdefault.jpg","uploading":false,"height":240,"width":320,"title":null},"videoAssociationType":"INLINE_BODY"}}],"totalCount":1,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:342422":{"__typename":"Conversation","id":"conversation:342422","solved":false,"topic":{"__ref":"TkbTopicMessage:message:342422"},"lastPostingActivityTime":"2025-07-15T04:00:00.034-07:00","lastPostTime":"2025-07-15T04:00:00.034-07:00","isSubscribed":false},"ModerationData:moderation_data:342422":{"__typename":"ModerationData","id":"moderation_data:342422","status":"APPROVED","rejectReason":null},"User:user:7":{"__typename":"User","id":"user:7","login":"LiefZimmerman"},"User:user:130391":{"__typename":"User","id":"user:130391","uid":130391,"login":"Kevin_Stewart","biography":null,"registrationData":{"__typename":"RegistrationData","status":null,"registrationTime":"2006-03-16T00:00:00.000-08:00"},"deleted":false,"email":"","avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS0xMzAzOTEtelZmemp2?image-coordinates=0%2C0%2C500%2C500"},"rank":{"__ref":"Rank:rank:28"},"entityType":"USER","eventPath":"community:zihoc95639/user:130391"},"ModerationData:moderation_data:190463":{"__typename":"ModerationData","id":"moderation_data:190463","status":"APPROVED","rejectReason":null,"isReportedAbuse":false,"rejectUser":null,"rejectTime":null,"rejectActorType":null},"ForumReplyMessage:message:190463":{"__typename":"ForumReplyMessage","author":{"__ref":"User:user:130391"},"id":"message:190463","entityType":"FORUM_REPLY","eventPath":"category:Forums/community:zihoc95639board:TechnicalForum/message:190462/message:190463","revisionNum":1,"uid":190463,"depth":1,"hasGivenKudo":false,"subscribed":false,"board":{"__ref":"Forum:board:TechnicalForum"},"parent":{"__ref":"ForumTopicMessage:message:190462"},"conversation":{"__ref":"Conversation:conversation:190462"},"subject":"Re: kerberos and ntlm authentication using APM","moderationData":{"__ref":"ModerationData:moderation_data:190463"},"body":"One of the beauties of APM's authentication FULL proxy is its native distinction between client side and server side authentication functions. While you can do client side certificate to server side Kerberos, the only things that Kerberos really needs is a valid domain username and realm, and it doesn't matter how it gets those. That said, you present a few (doable) challenges in your request that should be addressed separately.

\n

 

\n

 

Configuring server side Kerberos SSO

\n

 

As I mentioned before, Kerberos SSO only needs a valid username and domain realm to authenticate a user to a service. There are, however, a few other things that you have to configure to get Kerberos SSO working:

\n

 

\n

 

1. Kerberos SSO is a protocol transition and constrained delegation mechanism, and as it isn't a proper member of the domain, it needs an account in the domain to do its bidding. Create a standard user account in the AD. In the User Logon Name field, create an arbitrary servicePrincipalName. This account will be used to delegate to other services and get tickets on behalf of users, so it needs to have an SPN assigned (user accounts don't normally have SPNs). An SPN is a string that represents a service and a name, so for example \"host/krbsvc.example.com\", where \"host/\" is the service and \"krbsvc.example.com\" is the object's name. This SPN must be unique in the domain, so it's best to create one from scratch. The User Logon (pre-windows 2000) name isn't important. Once the account is created, open up ADSIEDIT.msc or the advanced view in Active Directory Users and Computers. In ADSIEDIT, find the account and option its properties. In ADUC, open the account and go to the Attribute Editor tab. In both, find the (blank) entry for servicePrincipalName and enter the SAME SPN that you entered for the User Logon name (ex. host/krbsvc.example.com). It's not required, but probably best practice to give the SPN a fully qualified name in your domain. You can also create the SPN with the SETSPN command. Close and re-open the account properties and you'll now see a Delegation tab. Go to that tab, select \"Trust this user for delegation to specified services only\" and \"Use any authentication protocol\". This last option enabled protocol transition. Now click the Add button, find the servers that you'll be providing SSO to, and then select their http/ SPNs. So if you have 10 web servers in a BIG-IP pool with Kerberos SSO applied, you'll need to configure this account to be able to delegate to the SPNs of those web servers.

\n

 

\n

 

2. Create your Kerberos SSO profile. Enter the Kerberos Realm, your domain name in all upper case. Then enter the SPN that you created for the domain service account in the Account Name field. In this case however, enter the SPN with the realm (ex. host/krbsvc.example.com@EXAMPLE.COM). This will allow cross-domain authentication to work if you ever need that. Set the account's password. Now here's where it gets a little tricky. Depending on your environment, your web servers will be \"owned\" by different entities. I'm not going to dive into the complexities of the Kerberos protocol here, but to say that Kerberos is governed by encryption keys that are tied to SPNs. If you're using IIS, the application pool for a given site will be owned by someone or something. If you've not touched it, then by default the application pool will be owned by the host server and the SPN will be \"http/\". If however you've configured the application pool to be owned by another entity, a user account perhaps, then that account needs an SPN assigned to it for Kerberos authentication to work. This is all very important because of the way APM load balances Kerberos-enabled servers. When the LTM chooses a server from a pool, APM performs a reverse DNS lookup to get the name of the server based on that IP. It takes that name, adds \"http/\" to the front and \"@\" to the back to derive an SPN. So if the IIS application pool isn't owned by the server, the SPN Pattern field in the Kerberos SSO profile allows you to \"short circuit\" this process. One other interesting caveat (in 11.3) is that you can't put an explicit string in this field (ex. http/mywebservers.example.com@EXAMPLE.COM). You need to create a hosts entry on the BIG-IP (under System) that points every server IP in the pool to this static name, then use the %s string replacement in your SPN pattern (ex. htt/%s@EXAMPLE.COM). The reverse DNS lookup still happens, but the Hosts entry will trump any real data and return the desired name (ex. mywebservers.example.com). One final important point when configuring the Kerberos SSO profile. In the Credentials Source section there are two values, Username Source and User Realm Source. These are the APM session values that the Kerberos SSO will use to perform authentication. Somewhere in your access policy you must ensure that these values are set to a valid username and realm name for the SSO to consume. That can come from a client certificate, logon page, LDAP/AD query, or anywhere at all.

\n

 

\n

 

3. Ensure that the BIG-IP's time is synchronized with the domain. Kerberos is very picky about time skew. Ensure that BIG-IP is configured with the domain's DNS. The BIG-IP should be able to perform forward and reverse DNS entries for objects in the domain.

\n

 

\n

 

This is really all there is to server side Kerberos SSO. If you run into problems, check your SPNs and install Wireshark on the DC (if possible) to capture the Kerberos traffic for troubleshooting.

\n

 

\n

 

\n

 

Failing over between server side Kerberos and NTLM SSOs

\n

 

This one is interesting, especially if you consider that the SSO methods are generally preemptive (they don't wait for a 401 to pass credentials). You can certainly switch SSO methods via iRule, but the condition by which you decide that is the tough bit. You could, for instance, switch to NTLM if the user entered a valid username and password, and do Kerberos if the user only entered a username (and some other auth vector like RSA token or smartcard), but it would be less trivial (though not impossible) to switch from Kerberos to NTLM in the event of a 401 response. I'd recommend a reconsideration of your requirements and use cases before attempting this.

\n

 

\n

 

\n

 

Passing client side Kerberos through if it exists

\n

 

Again, without digging into the depths of the Kerberos protocol, authentication is based upon encryption keys and associated SPNs (names). A unique SPN is associated with a unique encryption key. So when a client requests a resource within a domain, a resource that requires Kerberos authentication, the client will go to the domain controller (KDC) and request a ticket to that service BY NAME. That ticket will have information about both the client and service and be wrapped in encryption keys owned by user and services. If you ask for a service by the wrong name, the KDC will encrypt it with the wrong key and the service won't be able to decrypt it. Now when you're accessing a resource through a proxy, you're typically requesting it by some name that is associated with the IP address on the proxy. So if the web server's SPN is, for example, http/server1.example.com, and the client is accessing a proxy using the name http://www.example.com, the client would ask the KDC for a ticket to http/www.example.com. If the proxy just passed that traffic through to the server, then the server wouldn't be able to do anything with it (wrong name = wrong encryption key). So you have two options:

\n

 

\n

 

1. Make the name that the client requests, as associated with the IP on the proxy server, the same SPN that owns the web server's application pool. You'll necessarily need to assign the application pool to a domain (user) account a) because you'll need to be able to load balance and you're only making a ticket request for ONE name, and b) the client may know how to get to server1.example.com directly and completely bypass the proxy. To your request, the implication here is that you'd have to sniff the initial request for an Authorization header and bypass the logon page in APM.

\n

 

\n

 

2. Proxy the client side Kerberos. This is a completely different Kerberos configuration that I won't dive into, but no more complicated than the first. To your request, the implication here is roughly the same in that you have to sniff for the Authorization header and bypass the 401 and Kerberos Auth agents and go to a logon page instead.","body@stripHtml({\"removeProcessingText\":false,\"removeSpoilerMarkup\":false,\"removeTocMarkup\":false,\"truncateLength\":200})@stringLength":"203","kudosSumWeight":0,"repliesCount":0,"postTime":"2013-04-26T08:53:47.000-07:00","lastPublishTime":"2013-04-26T08:53:47.000-07:00","metrics":{"__typename":"MessageMetrics","views":1210},"visibilityScope":"PUBLIC","placeholder":false,"showMoveIndicator":false,"originalMessageForPlaceholder":null,"isEscalated":null,"solution":false,"replies":{"__typename":"MessageConnection","pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null},"edges":[]},"attachments":{"__typename":"AttachmentConnection","edges":[],"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"customFields":[]},"ModerationData:moderation_data:190464":{"__typename":"ModerationData","id":"moderation_data:190464","status":"APPROVED","rejectReason":null,"isReportedAbuse":false,"rejectUser":null,"rejectTime":null,"rejectActorType":null},"ForumReplyMessage:message:190464":{"__typename":"ForumReplyMessage","author":{"__ref":"User:user:56845"},"id":"message:190464","entityType":"FORUM_REPLY","eventPath":"category:Forums/community:zihoc95639board:TechnicalForum/message:190462/message:190464","revisionNum":1,"uid":190464,"depth":1,"hasGivenKudo":false,"subscribed":false,"board":{"__ref":"Forum:board:TechnicalForum"},"parent":{"__ref":"ForumTopicMessage:message:190462"},"conversation":{"__ref":"Conversation:conversation:190462"},"subject":"Re: kerberos and ntlm authentication using APM","moderationData":{"__ref":"ModerationData:moderation_data:190464"},"body":"Kevin,

\n

 

Hi, thanks for the response, it will take me a wee while to absorb all that you are saying, however, one of the areas where I am really struggling is with the \"access policy\" editor. Here there are many choices, and truthfully, I am not sure that I have enough information to make an informed decision. Here is my current access policy...

\n

 

\n

 

Start---->fallback---->[HTTP 401 Response]---->basic---->[Deny]

\n

 

[HTTP 401 Response]---->negotiate---->[Allow]

\n

 

[HTTP 401 Response]---->fallback---->[Logon Page]---->fallback---->[AD Auth]---->successful---->[SSO Credential Mapping]---->fallback---->[Allow]

\n

 

[AD Auth]---->fallback---->[Deny]

\n

 

\n

 

From the Logon page, going forward, I have a working setup with NTLMv1 authentication. Chosen at the SSO credential mapping stage, but I am really unsure, if I want to put an HTTP 401 response object before this to handle Kerberos(just seems wrong). I have put this there, but I am pretty sure it is not handling kerberos at all, as my policy is still using NTLMv1.

\n

 

\n

 

It is really all the predefined actions, that are availble when you access the plus sign in the access policy editor, that to me have very little or poor documentation(it is very probably they do have good documentation, and I don't know where to find it) - I have copied the object list below, but I am really struggling to know what each one does, and what a typical scenario might be for kerberos(for example to I need to define a Kerberos AAA server object or not?). I appreciate that all this falls between two stools, F5 and Microsoft, but I assume I am not the first person to do this, and am looking for as much help and documentation as possible.

\n

 

\n

 

thanks to any and all for bearing with me on this one.

\n

 

\n

 

Sc0tt...

\n

 

\n

 

\n

 

object options for access policy objects

\n

 

General Purpose

\n

 

Date TimeCreate branch rules based on timeLogon PageWeb form-based logon page for collecting end user credentials

\n

 

HTTP 401 ResponseHTTP 401 Response for Basic or SPNEGO/Kerberos authenticationExternal Logon PageRedirect user to externally hosted web form-based logon page

\n

 

Full Resource AssignAdvanced expression-based assignment of Connectivity Resources, Webtop, and ACLsResource AssignSimple assignment of Connectivity Resources

\n

 

ACL AssignSimple assignment of on-box created Access Control Lists (ACLs)Webtop and Links AssignSimple assignment of Webtop and Webtop Links

\n

 

Pool AssignAssign Local Traffic PoolVariable AssignAdvanced assignment of custom variables, configuration variables, or predefined session variables

\n

 

Virtual KeyboardEnables a virtual keyboard on the web form-based logon page for entering credentialsSSO Credential MappingEnables Single Sign-On (SSO) credentials caching and assigns SSO variables

\n

 

Citrix Smart AccessEnables Citrix SmartAccess filters when deploying with XenApp or XenDesktopRoute Domain and SNAT SelectionDynamic Route Domain and SNAT settings selection

\n

 

LoggingLog custom messages and session variables for reporting and troubleshootingEmailConfigure Email messages for reporting

\n

 

Message BoxCreate a custom message to display to the end user with prompt to continueDecision BoxCreate a custom decision page to display to the end user with two choices

\n

 

Dynamic ACLAssignment of Access Control Lists (ACLs) retrieved from an external directory such as RADIUS or LDAPiRule EventRaises an iRule ACCESS_POLICY_AGENT_EVENT event for use with custom iRules scripts

\n

 

EmptyCreates an Empty Action for constructing custom Branch Rules

\n

 

Authentication

\n

 

AD AuthActive Directory authentication of end user credentialsAD QueryActive Directory query to pull user attributes for use with resource assignment or other functions / Group Mapping

\n

 

Client Cert InspectionCheck the result of client certificate authentication by the Local Traffic Client SSL profileCRLDP AuthCertificate Revocation List Distribution Point (CRLDP) client certificate authentication

\n

 

HTTP AuthHTTP authentication of end user credentialsLDAP AuthLDAP authentication of end user credentials

\n

 

LDAP QueryLDAP query to pull user attributes for use with resource assignment or other functions / Group MappingNTLM Auth Result CheckCheck the result of NTLM authentication of end user credentials

\n

 

OCSP AuthOnline Certificate Status Protocol (OCSP) client certificate authenticationOn-Demand Cert AuthDynamically initiate an SSL re-handshake and validate the received client certificate

\n

 

RADIUS AuthRADIUS authentication of end user credentialsRADIUS AcctSend accounting messages to a RADIUS server when users log on and off

\n

 

RSA SecurIDRSA SecurID two-factor authentication of end user credentialsTACACS+ AuthTACACS+ Authentication of end user credentials

\n

 

TACACS+ AcctSend accounting messages to a TACACS+ server when users log on and offKerberos AuthKerberos authentication, typically following an HTTP 401 Response action

\n

 

OAMOracle Access Manager (OAM) authentication of end user credentialsSAML AuthSAML Auth using SAML Service Provider Interface

\n

 

OTP GenerateGenerate One Time Passcode (OTP)OTP VerifyVerify One Time Passcode (OTP)

\n

 

Client Side Checks

\n

 

Antivirus CheckAntivirus Check for Windows, Mac and LinuxFirewall CheckFirewall Check for Windows, Mac and Linux

\n

 

Windows File CheckWindows File CheckMachine Cert AuthWindows Machine Cert Auth

\n

 

Windows InfoWindows OS InfoMachine InfoWindows Machine Info

\n

 

Windows Process CheckWindows Process CheckRegistry CheckWindows Registry Check

\n

 

Mac File CheckMac File CheckMac Process CheckMac Process Check

\n

 

Linux File CheckLinux File CheckLinux Process CheckLinux Process Check

\n

 

Client Side Actions

\n

 

Cache and Session ControlWindows Browser Cache and Session ControlProtected WorkspaceWindows Protected Workspace

\n

 

Windows Group PolicyWindows Group Policy

\n

 

Server Side Checks

\n

 

Client-Side Check CapabilityClient-Side Check CapabilityClient OSType of Client OS

\n

 

Client TypeType of Client ApplicationLanding URICheck Landing URI

\n

 

IP Subnet MatchCheck Client's IP SubnetIP Reputation CheckCheck Client's IP Reputation

\n

 

Client for MS ExchangeCheck for client for MS Exchange Server, such as MS Outlook, etc. This action requires _sys_APM_ExchangeSupport_main or _sys_APM_ExchangeSupport_OA_BasicAuth iRule or _sys_APM_ExchangeSupport_OA_NtlmAuth iRule.IP Geolocation MatchMatch IP Geolocation

\n

 

License CheckCreate branch rules based on license usage

 

","body@stripHtml({\"removeProcessingText\":false,\"removeSpoilerMarkup\":false,\"removeTocMarkup\":false,\"truncateLength\":200})@stringLength":"208","kudosSumWeight":0,"repliesCount":0,"postTime":"2013-04-29T02:56:12.000-07:00","lastPublishTime":"2013-04-29T02:56:12.000-07:00","metrics":{"__typename":"MessageMetrics","views":1198},"visibilityScope":"PUBLIC","placeholder":false,"showMoveIndicator":false,"originalMessageForPlaceholder":null,"isEscalated":null,"solution":false,"replies":{"__typename":"MessageConnection","pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null},"edges":[]},"attachments":{"__typename":"AttachmentConnection","edges":[],"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"customFields":[]},"ModerationData:moderation_data:190465":{"__typename":"ModerationData","id":"moderation_data:190465","status":"APPROVED","rejectReason":null,"isReportedAbuse":false,"rejectUser":null,"rejectTime":null,"rejectActorType":null},"ForumReplyMessage:message:190465":{"__typename":"ForumReplyMessage","author":{"__ref":"User:user:56845"},"id":"message:190465","entityType":"FORUM_REPLY","eventPath":"category:Forums/community:zihoc95639board:TechnicalForum/message:190462/message:190465","revisionNum":1,"uid":190465,"depth":1,"hasGivenKudo":false,"subscribed":false,"board":{"__ref":"Forum:board:TechnicalForum"},"parent":{"__ref":"ForumTopicMessage:message:190462"},"conversation":{"__ref":"Conversation:conversation:190462"},"subject":"Re: kerberos and ntlm authentication using APM","moderationData":{"__ref":"ModerationData:moderation_data:190465"},"body":"HI,

\n

 

I believe I have found the correct document for what I am trying to do. This seems to use a 401 response to collect credentials and allows me to use either basic or kerberos authentication. Pretty much what I think I a trying to do.

\n

 

\n

 

http://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-aaa-auth-config-11-3-0/3.htmlconceptid","body@stripHtml({\"removeProcessingText\":false,\"removeSpoilerMarkup\":false,\"removeTocMarkup\":false,\"truncateLength\":200})@stringLength":"208","kudosSumWeight":0,"repliesCount":0,"postTime":"2013-04-29T04:45:46.000-07:00","lastPublishTime":"2013-04-29T04:45:46.000-07:00","metrics":{"__typename":"MessageMetrics","views":1256},"visibilityScope":"PUBLIC","placeholder":false,"showMoveIndicator":false,"originalMessageForPlaceholder":null,"isEscalated":null,"solution":false,"replies":{"__typename":"MessageConnection","pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null},"edges":[]},"attachments":{"__typename":"AttachmentConnection","edges":[],"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"customFields":[]},"ModerationData:moderation_data:190466":{"__typename":"ModerationData","id":"moderation_data:190466","status":"APPROVED","rejectReason":null,"isReportedAbuse":false,"rejectUser":null,"rejectTime":null,"rejectActorType":null},"ForumReplyMessage:message:190466":{"__typename":"ForumReplyMessage","author":{"__ref":"User:user:130391"},"id":"message:190466","entityType":"FORUM_REPLY","eventPath":"category:Forums/community:zihoc95639board:TechnicalForum/message:190462/message:190466","revisionNum":1,"uid":190466,"depth":1,"hasGivenKudo":false,"subscribed":false,"board":{"__ref":"Forum:board:TechnicalForum"},"parent":{"__ref":"ForumTopicMessage:message:190462"},"conversation":{"__ref":"Conversation:conversation:190462"},"subject":"Re: kerberos and ntlm authentication using APM","moderationData":{"__ref":"ModerationData:moderation_data:190466"},"body":"That's a decent document, though I would add a few thoughts:

\n

 

\n

 

1. You can add and remove branches from the 401 agent, so you could strip out the Basic auth and just do Negotiate. To do that, go to the Branch Rules tab and remove the Basic condition, then go back to the Properties tab and select negotiate as the HTTP Auth Level.

\n

 

\n

 

2. Negotiate applies to both NTLM and Kerberos on the client side.

\n

 

\n

 

3. I would recommend using the KRB5_NT_PRINCIPAL PTYPE when exporting the keytab. It shouldn't break it to use another type, but this is, in my opinion, more semantically correct. You also shouldn't have to specify the -crypto version if using Win2008, though it may come in handy with different OS versions. Your setspn would then look something like this:

\n

 

setspn -princ HTTP/www.example.com@EXAMPLE.COM -mapuser example\\joe.user -ptype KRB5_NT_PRINCIPAL -pass password -out c:\\temp\\www.example.com.keytab

\n

 

\n

 

So from an APM traffic flow perspective:

\n

 

1. The user accesses the VIP for the first time and does not send a session cookie - APM redirects the user to /my.policy with a new session cookie

\n

 

2. The user accesses the /my.policy URI, sends the new session cookie, signaling the beginning of the access policy evaluation

\n

 

3. The 401 agent sees that the user is not sending an Authorization header and returns a 401 response with the configured options (Basic or Negotiate)

\n

 

4. The user, in the case of Negotiate, communicates with the KDC (domain controller) to get a ticket for the service (as specified in the URL - so for example \"http/www.example.com@EXAMPLE.COM\")

\n

 

5. The KDC validates the user's TGT (a long-life ticket they received when they first authenticated to the domain), generates a ticket (nonce, time stamp, client and service information, PAC data, one copy of short-lived session encryption key, other stuff), encrypts that value in the service's Kerberos encryption key (that it shares with the service), adds the other copy of the short-lived session encryption key and wraps it again in the user's encryption key (that is shares with the user), and then passes it back to the user.

\n

 

6. The user decrypts the outer shell and extracts a session encryption key and an encrypted blob that it cannot decrypt, and passes that blob to the service. This binary data is base64-encoded and placed into an Authorization: Negotiate HTTP header.

\n

 

7. The APM 401 agent sees the Authorization header, that it is of the type Negotiate, and then sends it down its Negotiate branch, to the Kerberos Auth agent.

\n

 

8. The Kerberos auth agent should posses a keytab file, as defined in the Kerberos AAA, that contains the encryption of the service (ie. http/www.example.com@EXAMPLE.COM). If it does, then it should be able to decrypt the remaining layer and expose the Kerberos ticket data and the second session encryption key. If that succeeds then APM client side Kerberos authentication is COMPLETE. The Kerberos auth fills the session.logon.last.username session variable with the UPN of the user (ex. joe.user@example.com). You can then use this value however you like to do SSO on the server side.

\n

 

\n

 

And now a few last thoughts.

\n

 

1. The 401 agent will pass the traffic through a specified branch if it sees the Authorization header.

\n

 

2. The SSO Credential Mapping agent is only needed with certain types of SSO profiles, and has nothing to do with client side authentication. It is there to format user/pass/domain values as required for the SSO. For client side Kerberos you only need the 401 and Kerberos Auth agents.","body@stripHtml({\"removeProcessingText\":false,\"removeSpoilerMarkup\":false,\"removeTocMarkup\":false,\"truncateLength\":200})@stringLength":"213","kudosSumWeight":0,"repliesCount":0,"postTime":"2013-04-29T06:24:31.000-07:00","lastPublishTime":"2013-04-29T06:24:31.000-07:00","metrics":{"__typename":"MessageMetrics","views":1200},"visibilityScope":"PUBLIC","placeholder":false,"showMoveIndicator":false,"originalMessageForPlaceholder":null,"isEscalated":null,"solution":false,"replies":{"__typename":"MessageConnection","pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null},"edges":[]},"attachments":{"__typename":"AttachmentConnection","edges":[],"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"customFields":[]},"User:user:59062":{"__typename":"User","id":"user:59062","uid":59062,"login":"emssie_128887","biography":null,"registrationData":{"__typename":"RegistrationData","status":null,"registrationTime":"2019-05-04T14:44:53.000-07:00"},"deleted":false,"email":"","avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/m_assets/avatars/default/avatar-11.svg?time=0"},"rank":{"__ref":"Rank:rank:41"},"entityType":"USER","eventPath":"community:zihoc95639/user:59062"},"ModerationData:moderation_data:190467":{"__typename":"ModerationData","id":"moderation_data:190467","status":"APPROVED","rejectReason":null,"isReportedAbuse":false,"rejectUser":null,"rejectTime":null,"rejectActorType":null},"ForumReplyMessage:message:190467":{"__typename":"ForumReplyMessage","author":{"__ref":"User:user:59062"},"id":"message:190467","entityType":"FORUM_REPLY","eventPath":"category:Forums/community:zihoc95639board:TechnicalForum/message:190462/message:190467","revisionNum":1,"uid":190467,"depth":1,"hasGivenKudo":false,"subscribed":false,"board":{"__ref":"Forum:board:TechnicalForum"},"parent":{"__ref":"ForumTopicMessage:message:190462"},"conversation":{"__ref":"Conversation:conversation:190462"},"subject":"Re: kerberos and ntlm authentication using APM","moderationData":{"__ref":"ModerationData:moderation_data:190467"},"body":"I am new to this forum and to F5 prodcuts in general. I was troubleshooting an issue with APM Kerberos Auth AAA and stumbled to this forum. Very good discussion indeed. I have done most of the things pointed out on this article

\n

 

\n

 

1. VIP IP registered in DNS (host A and PTR records) - Testserver.demo.com 10.1.1.5

\n

 

2. F5 Configured to point to AD domain DNS server

\n

 

3. Created a service account in AD - demo\\SvcAcct

\n

 

4. Create an SPN -- setspn -U -A HTTP/Testserver.demo.com SvcAcct

\n

 

5. Created a keytab file = ktpass -princ HTTP/Testserver.demo.com@DEMO.COM -mapuser svcAcct@DEMO.COM -crypto rc4-hmac-nt -ptype KRB5_NT_SRV_HST -pass password -out c:\\temp\\svcacct.keytab

\n

 

6. Uploaded the keytab file to the Access Policy AAA Server configuration (verified keytab file using Klist command tool on the F5 command shell)

\n

 

7. Created a constrained delegation on the SvcAcct to specific servicess (HOST and HTTP services of the web servers) any protocol

\n

 

8. verified delegation by using the Kinit tool

\n

 

9. created a acces policy HTTP 401 Response --> Nego -> Kerberos Auth --> success -> Allow

\n

 

\n

 

After all this, I still cannot get Kerberos auth to be successfull. Can someone tell me what I may be missing out or doing wrong.

\n

 

\n

 

Thank you for you input in advance

\n

 

\n

 

\n

 

 

","body@stripHtml({\"removeProcessingText\":false,\"removeSpoilerMarkup\":false,\"removeTocMarkup\":false,\"truncateLength\":200})@stringLength":"203","kudosSumWeight":0,"repliesCount":0,"postTime":"2013-07-19T12:30:07.000-07:00","lastPublishTime":"2013-07-19T12:30:07.000-07:00","metrics":{"__typename":"MessageMetrics","views":1207},"visibilityScope":"PUBLIC","placeholder":false,"showMoveIndicator":false,"originalMessageForPlaceholder":null,"isEscalated":null,"solution":false,"replies":{"__typename":"MessageConnection","pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null},"edges":[]},"customFields":[],"attachments":{"__typename":"AttachmentConnection","edges":[],"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"ModerationData:moderation_data:190468":{"__typename":"ModerationData","id":"moderation_data:190468","status":"APPROVED","rejectReason":null,"isReportedAbuse":false,"rejectUser":null,"rejectTime":null,"rejectActorType":null},"ForumReplyMessage:message:190468":{"__typename":"ForumReplyMessage","author":{"__ref":"User:user:130391"},"id":"message:190468","entityType":"FORUM_REPLY","eventPath":"category:Forums/community:zihoc95639board:TechnicalForum/message:190462/message:190468","revisionNum":1,"uid":190468,"depth":1,"hasGivenKudo":false,"subscribed":false,"board":{"__ref":"Forum:board:TechnicalForum"},"parent":{"__ref":"ForumTopicMessage:message:190462"},"conversation":{"__ref":"Conversation:conversation:190462"},"subject":"Re: kerberos and ntlm authentication using APM","moderationData":{"__ref":"ModerationData:moderation_data:190468"},"body":"Okay, to start with let's clarify that the Kerberos AAA is a client side config. If you have to use Kerberos on the server side, that's a completely different set of options. Here are some things to look at as you troubleshoot APM Kerberos AAA:

\n

 

\n

 

1. The first thing you should do is set up a capture. If you can get Wireshark on the DC, that tends to be the best vantage point. You'll be looking specifically for Kerberos (and potentially DNS) traffic.

\n

 

\n

 

2. There are a few places client side Kerberos can go wrong, so to rule out issues on the client itself, add some message boxes inline with the 401 and Kerberos auth agents. You want to see a message before the 401 (initial request), after the 401 (browser returning with a Kerberos ticket), and then after the Kerberos auth agent (good auth). If it never makes it past the 401 agent, then your browser is likely not making a Kerberos request. If an IE browser, you need to add the VIP's host name to your Trusted Intranet Sites list. If you've done that and now failing at the Kerberos auth agent, continue the steps below.

\n

 

\n

 

3. I've have very limited success with AD service accounts that are not all lowercase. I know it doesn't make sense, but that is a pretty consistent observation.

\n

 

\n

 

4. Once you've created the service account, you don't have to manually create the SPN with SETSPN as the KTPASS command will do that for you. And although there are a few references to using a ptype of KRB5_NT_SRV_HOST, you're tying this SPN to a user account, so it's more semantically correct to use KRB5_NT_PRINCIPAL. When you're done you can verify the SPN creation in the service account.

\n

 

\n

 

5. Delegation settings are absolutely NOT required for client side Kerberos.

\n

 

\n

 

6. Verify of course that you have good A and PTR records for the VIP's host name and that the clocks of all involved parties are fairly close if not in sync. Also check for duplicate SPNs. There's nothing more frustrating than a week of troubleshooting to find out someone else created the same SPN somewhere else.

\n

 

\n

 

7. Between testing it's a good idea to clear caches. On the APM side, issue the following command in the shell:

\n

 

\n

 

bigstart restart rba

\n

 

\n

 

On the client side (Windows), issue the following command in the shell:

\n

 

\n

 

klist purge

\n

 

\n

 

8. You can increase logging with the following TMSH command:

\n

 

\n

 

tmsh modify sys db log.rba.level value debug

\n

 

\n

 

Make sure to set it back to \"notice\" when you're done troubleshooting.

\n

 

\n

 

9. If you're still not getting past the Kerberos auth agent, take a closer look at DNS traffic in the captures. On some systems I've seen APM attempt to resolve AAAA records in AD and then fail if they don't exist. Just make sure whatever APM is asking for exists and is resolvable.

\n

 

\n

 

10. Finally, and this is a stretch, but if you've been at this troubleshooting for awhile, there's a good possibility that you could have mismatched KVNO values. On your DC, issue the following command (modify as required):

\n

 

\n

 

ldifde -f c:\\spn_out.txt -d \"DC=mydomain,DC=com\" -l *,msDS-KeyVersionNumber -r \"(serviceprincipalname=HTTP/webtest*)\" -p subtree

\n

 

\n

 

The ldifde command comes in a resource pack I believe. Look for the \"msDS-KeyVersionNumber\" string in the output file. On the BIG-IP:

\n

 

\n

 

klist -ekt

\n

 

\n

 

If the KVNO values don't match, delete and recreate the AD service account, rerun KTPASS, and reimport the keytab to the AAA config.

\n

 

\n

 

The above steps usually resolve most of my client side Kerberos issues. If you're still not getting it to work, please reply back and submit a sample of the captures if you can.

 

","body@stripHtml({\"removeProcessingText\":false,\"removeSpoilerMarkup\":false,\"removeTocMarkup\":false,\"truncateLength\":200})@stringLength":"203","kudosSumWeight":0,"repliesCount":0,"postTime":"2013-07-19T20:41:11.000-07:00","lastPublishTime":"2013-07-19T20:41:11.000-07:00","metrics":{"__typename":"MessageMetrics","views":1198},"visibilityScope":"PUBLIC","placeholder":false,"showMoveIndicator":false,"originalMessageForPlaceholder":null,"isEscalated":null,"solution":false,"replies":{"__typename":"MessageConnection","pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null},"edges":[]},"customFields":[],"attachments":{"__typename":"AttachmentConnection","edges":[],"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"ModerationData:moderation_data:190469":{"__typename":"ModerationData","id":"moderation_data:190469","status":"APPROVED","rejectReason":null,"isReportedAbuse":false,"rejectUser":null,"rejectTime":null,"rejectActorType":null},"ForumReplyMessage:message:190469":{"__typename":"ForumReplyMessage","author":{"__ref":"User:user:130391"},"id":"message:190469","entityType":"FORUM_REPLY","eventPath":"category:Forums/community:zihoc95639board:TechnicalForum/message:190462/message:190469","revisionNum":1,"uid":190469,"depth":1,"hasGivenKudo":false,"subscribed":false,"board":{"__ref":"Forum:board:TechnicalForum"},"parent":{"__ref":"ForumTopicMessage:message:190462"},"conversation":{"__ref":"Conversation:conversation:190462"},"subject":"Re: kerberos and ntlm authentication using APM","moderationData":{"__ref":"ModerationData:moderation_data:190469"},"body":"The above klist command should be:

\n

 

\n

 

klist -ekt [path to keytab file]","body@stripHtml({\"removeProcessingText\":false,\"removeSpoilerMarkup\":false,\"removeTocMarkup\":false,\"truncateLength\":200})@stringLength":"92","kudosSumWeight":0,"repliesCount":0,"postTime":"2013-07-19T20:43:03.000-07:00","lastPublishTime":"2013-07-19T20:43:03.000-07:00","metrics":{"__typename":"MessageMetrics","views":1231},"visibilityScope":"PUBLIC","placeholder":false,"showMoveIndicator":false,"originalMessageForPlaceholder":null,"isEscalated":null,"solution":false,"replies":{"__typename":"MessageConnection","pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null},"edges":[]},"customFields":[],"attachments":{"__typename":"AttachmentConnection","edges":[],"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"ModerationData:moderation_data:190470":{"__typename":"ModerationData","id":"moderation_data:190470","status":"APPROVED","rejectReason":null,"isReportedAbuse":false,"rejectUser":null,"rejectTime":null,"rejectActorType":null},"ForumReplyMessage:message:190470":{"__typename":"ForumReplyMessage","author":{"__ref":"User:user:59062"},"id":"message:190470","entityType":"FORUM_REPLY","eventPath":"category:Forums/community:zihoc95639board:TechnicalForum/message:190462/message:190470","revisionNum":1,"uid":190470,"depth":1,"hasGivenKudo":false,"subscribed":false,"board":{"__ref":"Forum:board:TechnicalForum"},"parent":{"__ref":"ForumTopicMessage:message:190462"},"conversation":{"__ref":"Conversation:conversation:190462"},"subject":"Re: kerberos and ntlm authentication using APM","moderationData":{"__ref":"ModerationData:moderation_data:190470"},"body":"Thank you Kevin,

\n

 

\n

 

1. I created a new user account in AD -- all lower case

\n

 

2. Generated new keytab file with KRB5_NT_PRINCIPAL and uploaded to the AAA server config in APM

\n

 

3. Verified Host and PTR records can be resolved by all units involved - Client machine, Domain Controller, F5 appliance, Webserver

\n

 

4. Domain Controller (PDC) is configured as the NTP server of the F5 appliance to avoid time skew

\n

 

5. I have checked the KVNO values in AD and the keytab file - it is a match

\n

 

6. Tested keytab file using KList command - good

\n

 

\n

 

Still No good

\n

 

\n

 

Took a wireshark capture on the domain controller

\n

 

\n

 

I could see TGS kerberos request from the client machine to DC and DC sending back granted TGS ticket to client

\n

 

Checked DNS traffic, I saw the F5 was looking for AAAA record which it does not find, then it asks for host A record which it resolves but I don't know what it does with it after that

\n

 

On further analysis, we noticed traffic from F5 (e.g DNS lookup, TCP) are coming from the mgmt port of the appliance rather than the Self-IP configured on the LTM (which I believe APM is listening on)

\n

 

Futhermore, the IP addres of the MGMT port is on the same VLAN as the Domain Controller. We are suspecting this could be the problem but we are yet to confirm. I will update you once we make the change of the MGMT Ip address to a diff VLAN.

\n

 

\n

 

Thanks you again for you response.

\n

 

\n

 

\n

 

\n

 

\n

 

\n

 

\n

 

 

","body@stripHtml({\"removeProcessingText\":false,\"removeSpoilerMarkup\":false,\"removeTocMarkup\":false,\"truncateLength\":200})@stringLength":"223","kudosSumWeight":0,"repliesCount":0,"postTime":"2013-07-29T07:57:27.000-07:00","lastPublishTime":"2013-07-29T07:57:27.000-07:00","metrics":{"__typename":"MessageMetrics","views":1198},"visibilityScope":"PUBLIC","placeholder":false,"showMoveIndicator":false,"originalMessageForPlaceholder":null,"isEscalated":null,"solution":false,"replies":{"__typename":"MessageConnection","pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null},"edges":[]},"customFields":[],"attachments":{"__typename":"AttachmentConnection","edges":[],"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"ModerationData:moderation_data:190471":{"__typename":"ModerationData","id":"moderation_data:190471","status":"APPROVED","rejectReason":null,"isReportedAbuse":false,"rejectUser":null,"rejectTime":null,"rejectActorType":null},"ForumReplyMessage:message:190471":{"__typename":"ForumReplyMessage","author":{"__ref":"User:user:130391"},"id":"message:190471","entityType":"FORUM_REPLY","eventPath":"category:Forums/community:zihoc95639board:TechnicalForum/message:190462/message:190471","revisionNum":1,"uid":190471,"depth":1,"hasGivenKudo":false,"subscribed":false,"board":{"__ref":"Forum:board:TechnicalForum"},"parent":{"__ref":"ForumTopicMessage:message:190462"},"conversation":{"__ref":"Conversation:conversation:190462"},"subject":"Re: kerberos and ntlm authentication using APM","moderationData":{"__ref":"ModerationData:moderation_data:190471"},"body":"Try this:

\n

 

\n

 

1. Remove the DNS Lookup Server List value from the BIG-IP (System - Configuration - Device - DNS) and test again.

\n

 

\n

 

2. If the above works, add the DNS server IP back and create a bogus AAAA value for this host in your DNS so that the AAAA request succeeds.","body@stripHtml({\"removeProcessingText\":false,\"removeSpoilerMarkup\":false,\"removeTocMarkup\":false,\"truncateLength\":200})@stringLength":"223","kudosSumWeight":0,"repliesCount":0,"postTime":"2013-07-29T08:24:24.000-07:00","lastPublishTime":"2013-07-29T08:24:24.000-07:00","metrics":{"__typename":"MessageMetrics","views":1228},"visibilityScope":"PUBLIC","placeholder":false,"showMoveIndicator":false,"originalMessageForPlaceholder":null,"isEscalated":null,"solution":false,"replies":{"__typename":"MessageConnection","pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null},"edges":[]},"customFields":[],"attachments":{"__typename":"AttachmentConnection","edges":[],"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"ModerationData:moderation_data:190472":{"__typename":"ModerationData","id":"moderation_data:190472","status":"APPROVED","rejectReason":null,"isReportedAbuse":false,"rejectUser":null,"rejectTime":null,"rejectActorType":null},"ForumReplyMessage:message:190472":{"__typename":"ForumReplyMessage","author":{"__ref":"User:user:59062"},"id":"message:190472","entityType":"FORUM_REPLY","eventPath":"category:Forums/community:zihoc95639board:TechnicalForum/message:190462/message:190472","revisionNum":1,"uid":190472,"depth":1,"hasGivenKudo":false,"subscribed":false,"board":{"__ref":"Forum:board:TechnicalForum"},"parent":{"__ref":"ForumTopicMessage:message:190462"},"conversation":{"__ref":"Conversation:conversation:190462"},"subject":"Re: kerberos and ntlm authentication using APM","moderationData":{"__ref":"ModerationData:moderation_data:190472"},"body":"

OK, I finally got this to work. on creating the keytab file, I notieced I was using the \"domainname\\UserName\" parameter while mapping the user to the SPN as show below

 

\n

ktpass -princ HTTP/www.example.com@EXAMPLE.COM -mapuser example\\joe.user -ptype KRB5_NT_PRINCIPAL -pass password -out c:\\temp\\www.example.com.keytab

 

\n

I created a new keytab file but changed the -mapuser to \"username@EXAMPLE.COM.

 

","body@stripHtml({\"removeProcessingText\":false,\"removeSpoilerMarkup\":false,\"removeTocMarkup\":false,\"truncateLength\":200})@stringLength":"208","kudosSumWeight":0,"repliesCount":0,"postTime":"2013-08-12T11:08:04.000-07:00","lastPublishTime":"2013-08-12T11:08:04.000-07:00","metrics":{"__typename":"MessageMetrics","views":1226},"visibilityScope":"PUBLIC","placeholder":false,"showMoveIndicator":false,"originalMessageForPlaceholder":null,"isEscalated":null,"solution":false,"replies":{"__typename":"MessageConnection","pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null},"edges":[]},"customFields":[],"attachments":{"__typename":"AttachmentConnection","edges":[],"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"CachedAsset:text:en_US-components/community/NavbarDropdownToggle-1751557989989":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarDropdownToggle-1751557989989","value":{"ariaLabelClosed":"Press the down arrow to open the menu"},"localOverride":false},"CachedAsset:text:en_US-components/messages/EscalatedMessageBanner-1751557989989":{"__typename":"CachedAsset","id":"text:en_US-components/messages/EscalatedMessageBanner-1751557989989","value":{"escalationMessage":"Escalated to Salesforce by {username} on {date}","viewDetails":"View Details","modalTitle":"Case Details","escalatedBy":"Escalated by: ","escalatedOn":"Escalated on: ","caseNumber":"Case Number: ","status":"Status: ","lastUpdateDate":"Last Update: ","automaticEscalation":"automatic escalation","anonymous":"Anonymous"},"localOverride":false},"CachedAsset:text:en_US-components/users/UserLink-1751557989989":{"__typename":"CachedAsset","id":"text:en_US-components/users/UserLink-1751557989989","value":{"authorName":"View Profile: {author}","anonymous":"Anonymous"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/users/UserRank-1751557989989":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/users/UserRank-1751557989989","value":{"rankName":"{rankName}","userRank":"Author rank {rankName}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageTime-1751557989989":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageTime-1751557989989","value":{"postTime":"Published: {time}","lastPublishTime":"Last Update: {time}","conversation.lastPostingActivityTime":"Last posting activity time: {time}","conversation.lastPostTime":"Last post time: {time}","moderationData.rejectTime":"Rejected time: {time}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageSolvedBadge-1751557989989":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageSolvedBadge-1751557989989","value":{"solved":"Solved"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageSubject-1751557989989":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageSubject-1751557989989","value":{"noSubject":"(no subject)"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageBody-1751557989989":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageBody-1751557989989","value":{"showMessageBody":"Show More","mentionsErrorTitle":"{mentionsType, select, board {Board} user {User} message {Message} other {}} No Longer Available","mentionsErrorMessage":"The {mentionsType} you are trying to view has been removed from the community.","videoProcessing":"Video is being processed. Please try again in a few minutes.","bannerTitle":"Video provider requires cookies to play the video. Accept to continue or {url} it directly on the provider's site.","buttonTitle":"Accept","urlText":"watch"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageCustomFields-1751557989989":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageCustomFields-1751557989989","value":{"CustomField.default.label":"Value of {name}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageReplyButton-1751557989989":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageReplyButton-1751557989989","value":{"repliesCount":"{count}","title":"Reply","title@board:BLOG@message:root":"Comment","title@board:TKB@message:root":"Comment","title@board:IDEA@message:root":"Comment","title@board:OCCASION@message:root":"Comment"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageListMenu-1751557989989":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageListMenu-1751557989989","value":{"postTimeAsc":"Oldest","postTimeDesc":"Newest","kudosSumWeightAsc":"Least Liked","kudosSumWeightDesc":"Most Liked","sortTitle":"Sort By","sortedBy.item":" { itemName, select, postTimeAsc {Oldest} postTimeDesc {Newest} kudosSumWeightAsc {Least Liked} kudosSumWeightDesc {Most Liked} other {}}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/AcceptedSolutionButton-1751557989989":{"__typename":"CachedAsset","id":"text:en_US-components/messages/AcceptedSolutionButton-1751557989989","value":{"accept":"Mark as Solution","accepted":"Marked as Solution","errorHeader":"Error!","errorAdd":"There was an error marking as solution.","errorRemove":"There was an error unmarking as solution.","solved":"Solved","topicAlreadySolvedErrorTitle":"Solution Already Exists","topicAlreadySolvedErrorDesc":"Refresh the browser to view the existing solution"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/Pager/PagerLoadMorePreviousNextLinkable-1751557989989":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/Pager/PagerLoadMorePreviousNextLinkable-1751557989989","value":{"loadMore":"Show More"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageView/MessageViewCard-1751557989989":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageView/MessageViewCard-1751557989989","value":{"gotoParent":"Go to parent {name}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageView/MessageViewInline-1751557989989":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageView/MessageViewInline-1751557989989","value":{"bylineAuthor":"{bylineAuthor}","bylineBoard":"{bylineBoard}","anonymous":"Anonymous","place":"Place {bylineBoard}","gotoParent":"Go to parent {name}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/Pager/PagerLoadMore-1751557989989":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/Pager/PagerLoadMore-1751557989989","value":{"loadMore":"Show More"},"localOverride":false},"CachedAsset:text:en_US-components/customComponent/CustomComponent-1751557989989":{"__typename":"CachedAsset","id":"text:en_US-components/customComponent/CustomComponent-1751557989989","value":{"errorMessage":"Error rendering component id: {customComponentId}","bannerTitle":"Video provider requires cookies to play the video. Accept to continue or {url} it directly on the provider's site.","buttonTitle":"Accept","urlText":"watch"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/users/UserAvatar-1751557989989":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/users/UserAvatar-1751557989989","value":{"altText":"{login}'s avatar","altTextGeneric":"User's avatar"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/ranks/UserRankLabel-1751557989989":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/ranks/UserRankLabel-1751557989989","value":{"altTitle":"Icon for {rankName} rank"},"localOverride":false},"CachedAsset:text:en_US-components/tags/TagView/TagViewChip-1751557989989":{"__typename":"CachedAsset","id":"text:en_US-components/tags/TagView/TagViewChip-1751557989989","value":{"tagLabelName":"Tag name {tagName}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/nodes/NodeIcon-1751557989989":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/nodes/NodeIcon-1751557989989","value":{"contentType":"Content Type {style, select, FORUM {Forum} BLOG {Blog} TKB {Knowledge Base} IDEA {Ideas} OCCASION {Events} other {}} icon"},"localOverride":false}}}},"page":"/forums/ForumMessagePage/ForumMessagePage","query":{"boardId":"technicalforum","messageSubject":"kerberos-and-ntlm-authentication-using-apm","messageId":"190462"},"buildId":"8CqYPsxb5UG4aoIp8lqTz","runtimeConfig":{"buildInformationVisible":false,"logLevelApp":"info","logLevelMetrics":"info","surveysEnabled":true,"openTelemetry":{"clientEnabled":false,"configName":"f5","serviceVersion":"25.4.0","universe":"prod","collector":"http://localhost:4318","logLevel":"error","routeChangeAllowedTime":"5000","headers":"","enableDiagnostic":"false","maxAttributeValueLength":"4095"},"apolloDevToolsEnabled":false,"quiltLazyLoadThreshold":"3"},"isFallback":false,"isExperimentalCompile":false,"dynamicIds":["components_seo_QAPageSchema","components_customComponent_CustomComponent","components_community_Navbar_NavbarWidget","components_community_Breadcrumb_BreadcrumbWidget","components_messages_TopicWithThreadedReplyListWidget","components_featured_content_FeaturedContentWidget","components_messages_MessageListForNodeByRecentActivityWidget","components_messages_RelatedContentWidget","components_messages_MessageView_MessageViewStandard","components_messages_ThreadedReplyList","components_customComponent_CustomComponentContent_TemplateContent","components_messages_EscalatedMessageBanner","shared_client_components_common_List_UnstyledList","components_messages_MessageView","shared_client_components_common_Pager_PagerLoadMorePreviousNextLinkable","shared_client_components_common_List_GridList","components_messages_MessageView_MessageViewCard","components_messages_MessageView_MessageViewInline","shared_client_components_common_Pager_PagerLoadMore","components_customComponent_CustomComponentContent_HtmlContent","shared_client_components_common_List_UnwrappedList","components_tags_TagView","components_tags_TagView_TagViewChip","components_customComponent_CustomComponentContent_CustomComponentScripts"],"appGip":true,"scriptLoader":[]}