Hi Team, We have setup SAML authentication for our onprem application with AZUR AD on F5 APM. In first place saml authentication working and after that it make query to On prem AD sever. after that we are getting below error message. Please help us me to resolve this issue.

Will probably need more information before anyone will be able to effectively troubleshoot this:Is this impacting all users, or just some? Azure does this if people are signing into multiple accounts, requiring that the users clear their browser historyWere there any changes or upgrades made to the F5 when this broke?What to the APM session logs show when this happens? Did the SAML Signing Certificate in Azure expire?

Thanks for updating ..please find the below details.Is this impacting all users, or just some? Azure does this if people are signing into multiple accounts, requiring that the users clear their browser history --No its new requirement Users are first authenticating through SAML and after that it will make query to on prem AD server and login page will open. SAML authentication working after that AD deny traffic.Azure cert no expired. First time we are setuping this authentication with SAML is there any setting require on AD side for kerbose authentication?

From the APM logs it looks like your AD Query isn't finding the username. What is your AD Query using for a Search Filter? I believe it should be:(sAMAccountName=%{session.saml.last.identity}) Reference: https://my.f5.com/manage/s/article/K22941103

We are using this filter --(sAMAccountName=%{session.logon.last.username}) Nou sure where exactly problem, in the apm logs we can see deny from AD but as per server team no issue seen from there end.

Try the following two options to see if one of them fixes it:1. Add a Variable Assign event between SAML Auth and AD query OR2. Change (sAMAccountName=%{session.logon.last.username}) to (sAMAccountName=%{session.saml.last.identity})

Login authentication error on F5 apm

DanSkow
Cirrus
Aug 26, 2024
Will probably need more information before anyone will be able to effectively troubleshoot this:

Is this impacting all users, or just some? Azure does this if people are signing into multiple accounts, requiring that the users clear their browser history
Were there any changes or upgrades made to the F5 when this broke?
What to the APM session logs show when this happens?
Did the SAML Signing Certificate in Azure expire?
- sandipkakade
  Nimbostratus
  Aug 27, 2024
  Thanks for updating ..please find the below details.
  Is this impacting all users, or just some? Azure does this if people are signing into multiple accounts, requiring that the users clear their browser history --No its new requirement
  Users are first authenticating through SAML and after that it will make query to on prem AD server and login page will open. SAML authentication working after that AD deny traffic.
  Azure cert no expired. First time we are setuping this authentication with SAML
  
  is there any setting require on AD side for kerbose authentication?
  - DanSkow
    Cirrus
    Aug 27, 2024
    From the APM logs it looks like your AD Query isn't finding the username. What is your AD Query using for a Search Filter? I believe it should be:
    
    (sAMAccountName=%{session.saml.last.identity})
    
    Reference: https://my.f5.com/manage/s/article/K22941103
sandipkakade
Nimbostratus
Aug 27, 2024
Hi DanSkow
After doing above suggested changes, still same issue.
- DanSkow
  Cirrus
  Aug 27, 2024
  It's not exactly the same issue since the "AD agent: Query" logs actually show a username now. So that's progress.
  What do the AD Query Branch Rules look like? Did you update the branch rule to be "AD Query User is a Member of x" ?
  If the branch rules are already correct, then you'll need to send the APM logs in a way that they aren't cut off on the right side. I can't tell what most of them say in your last screenshot.

sandipkakade

Nimbostratus

Aug 27, 2024

Please find attached snap

I am pasting few logs here :

;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490266:7:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;File=./AccessPolicyProcessor/Session.h;Function=getSessionVar;Line=618;Message=variable "session.ad.last.attr.primaryGroupID" for session "c87070b4" was not found in MEMCACHED;

;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490005:5:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;Policy_Rule_Caption=fallback;Current_Node=AD Query;Next_Node=Deny;

;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490102:5:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;Access_Policy_Result=Logon_Deny;

;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490004:6:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;Executed_Agent=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA_end_deny_ag;Return_Value=0;result_str=Execution Done;

;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490266:7:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;File=AccessPolicyProcessor/AccessPolicy.cpp;Function=execute;Line=662;Message=Let's evaluate rules, total number of rules for this action=0;

;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490266:7:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;File=AccessPolicyProcessor/AccessPolicy.cpp;Function=execute;Line=759;Message=We reached a terminator - completely done with Access Policy for this session;

;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490266:7:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;File=./AccessPolicyProcessor/Session.h;Function=getSessionVar;Line=603;Message=variable "session.client.browscap_info" was not found in the local cache for session "c87070b4";

;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490266:7:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;File=./AccessPolicyProcessor/Session.h;Function=getSessionVar;Line=632;Message=variable found, let's add it to the local cache "session.client.browscap_info"="uimode=0&ctype=Mozilla&cversion=5&cjs=1&cactivex=0&cplugin=0&cplatform=Win10&cpu=x64&ccustom_protocol=1"(length=103);

;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490266:7:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;File=AccessPolicyProcessor/AccessPolicy.cpp;Function=execute;Line=782;Message=Browscap is "uimode=0&ctype=Mozilla&cversion=5&cjs=1&cactivex=0&cplugin=0&cplatform=Win10&cpu=x64&ccustom_protocol=1";

;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490248:5:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_ID=c87070b4;Client_Hostname=;Client_Type=Mozilla;Client_Version=5;Client_Platform=Win10;Client_CPU=x64;Client_UI_Mode=Full;Client_JS_Support=1;Client_Activex_Support=0;Client_Plugin_Support=0;

;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490266:7:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;File=ApmD.cpp;Function=process_apd_request;Line=1895;Message=processing of access policy is done, result code=fffffff1;

;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490007:6:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;Session_Variable_Name=session.bigip_saml_sp_information;Session_Variable_Value=_232124ee-c7e8-43ba-a6b2-c4e7c4536200 urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress c2tha2FkZUBmbHllaWEuY29t https://sts.windows.net/986ed830-d027-41d9-98e2-a2c285aa3d5c/ https://connect.flyeia.com/ https://login.microsoftonline.com/986ed830-d027-41d9-98e2-a2c285aa3d5c/saml2 https://login.microsoftonline.com/986ed830-d027-41d9-98e2-a2c285aa3d5c/saml2 /Common/connect.flyeia.com_new_2024_cert /Common/connect.flyeia.com_new_2024_cert /Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA_IDP_CONNECTFLYEIA__saml_idp_metadata_cert.crt 1 1 ;

DanSkow
Cirrus
Aug 27, 2024
That branch rule shows AD User's Primary Group ID is 100 AND AD User is a member of <group>.
- sandipkakade
  Nimbostratus
  Aug 27, 2024
  is there anything missing from configuration side . please suggest

sandipkakade
Nimbostratus
Aug 27, 2024
ion=Common;Session_Id=c87070b4;File=modules/Authentication/Saml/SamlSPAgent.cpp;Function=createAssertionSessionVars;Line=3231;Message=Authn Class Ref: urn:oasis:names:tc:SAML:2.0:ac:classes:Password;
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490266:7:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;File=modules/Authentication/Saml/SamlSPAgent.cpp;Function=createAssertionSessionVars;Line=3231;Message=Authn Class Ref: urn:oasis:names:tc:SAML:2.0:ac:classes:Password;
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490004:6:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;Executed_Agent=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA_act_saml_auth_ag;Return_Value=0;result_str=Execution Done;
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490004:6:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;Executed_Agent=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA_act_saml_auth_ag;Return_Value=0;result_str=Execution Done;
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490266:7:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;File=AccessPolicyProcessor/AccessPolicy.cpp;Function=execute;Line=662;Message=Let's evaluate rules, total number of rules for this action=2;
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490266:7:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;File=AccessPolicyProcessor/AccessPolicy.cpp;Function=execute;Line=662;Message=Let's evaluate rules, total number of rules for this action=2;
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490266:7:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;File=AccessPolicyProcessor/AccessPolicy.cpp;Function=execute;Line=668;Message=Rule to evaluate = "expr {[mcget {session.saml.last.result}] == 1}";
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490266:7:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;File=AccessPolicyProcessor/AccessPolicy.cpp;Function=execute;Line=668;Message=Rule to evaluate = "expr {[mcget {session.saml.last.result}] == 1}";
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490006:6:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;Rule_Caption=Successful;Current_Node=SAML Auth;Next_Node=AD Query;
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490006:6:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;Rule_Caption=Successful;Current_Node=SAML Auth;Next_Node=AD Query;
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490011:7:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;Agent_Name=AD;Function_Name=executeInstance;
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490011:7:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;Agent_Name=AD;Function_Name=executeInstance;
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490231:7:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;ServerName=/Common/ACAUTH-PRD-AD-EALOCAL;
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490231:7:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;ServerName=/Common/ACAUTH-PRD-AD-EALOCAL;
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490266:7:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;File=./AccessPolicyProcessor/Session.h;Function=getSessionVar;Line=603;Message=variable "session.logon.last.username" was not found in the local cache for session "c87070b4";
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490266:7:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;File=./AccessPolicyProcessor/Session.h;Function=getSessionVar;Line=603;Message=variable "session.logon.last.username" was not found in the local cache for session "c87070b4";
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490266:7:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;File=./AccessPolicyProcessor/Session.h;Function=getSessionVar;Line=610;Message=try to get it from MEMCACHED;
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490266:7:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;File=./AccessPolicyProcessor/Session.h;Function=getSessionVar;Line=610;Message=try to get it from MEMCACHED;
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490266:7:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;File=./AccessPolicyProcessor/Session.h;Function=getSessionVar;Line=618;Message=variable "session.logon.last.username" for session "c87070b4" was not found in MEMCACHED;
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490266:7:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;File=./AccessPolicyProcessor/Session.h;Function=getSessionVar;Line=618;Message=variable "session.logon.last.username" for session "c87070b4" was not found in MEMCACHED;
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490266:7:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;File=./AccessPolicyProcessor/Session.h;Function=getSessionVar;Line=603;Message=variable "session.logon.last.domain" was not found in the local cache for session "c87070b4";
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490266:7:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;File=./AccessPolicyProcessor/Session.h;Function=getSessionVar;Line=603;Message=variable "session.logon.last.domain" was not found in the local cache for session "c87070b4";
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490266:7:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;File=./AccessPolicyProcessor/Session.h;Function=getSessionVar;Line=610;Message=try to get it from MEMCACHED;
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490266:7:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;File=./AccessPolicyProcessor/Session.h;Function=getSessionVar;Line=610;Message=try to get it from MEMCACHED;
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490266:7:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;File=./AccessPolicyProcessor/Session.h;Function=getSessionVar;Line=618;Message=variable "session.logon.last.domain" for session "c87070b4" was not found in MEMCACHED;
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490266:7:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;File=./AccessPolicyProcessor/Session.h;Function=getSessionVar;Line=618;Message=variable "session.logon.last.domain" for session "c87070b4" was not found in MEMCACHED;
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490266:7:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;File=./AccessPolicyProcessor/Session.h;Function=getSessionVar;Line=603;Message=variable "session.logon.last.password" was not found in the local cache for session "c87070b4";
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490266:7:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;File=./AccessPolicyProcessor/Session.h;Function=getSessionVar;Line=603;Message=variable "session.logon.last.password" was not found in the local cache for session "c87070b4";
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490266:7:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;File=./AccessPolicyProcessor/Session.h;Function=getSessionVar;Line=610;Message=try to get it from MEMCACHED;
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490266:7:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;File=./AccessPolicyProcessor/Session.h;Function=getSessionVar;Line=610;Message=try to get it from MEMCACHED;
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490266:7:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;File=./AccessPolicyProcessor/Session.h;Function=getSessionVar;Line=618;Message=variable "session.logon.last.password" for session "c87070b4" was not found in MEMCACHED;
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490266:7:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;File=./AccessPolicyProcessor/Session.h;Function=getSessionVar;Line=618;Message=variable "session.logon.last.password" for session "c87070b4" was not found in MEMCACHED;
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490266:7:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;File=./AccessPolicyProcessor/Session.h;Function=getSessionVar;Line=603;Message=variable "session.logon.last.change_password" was not found in the local cache for session "c87070b4";
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490266:7:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;File=./AccessPolicyProcessor/Session.h;Function=getSessionVar;Line=603;Message=variable "session.logon.last.change_password" was not found in the local cache for session "c87070b4";
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490266:7:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;File=./AccessPolicyProcessor/Session.h;Function=getSessionVar;Line=610;Message=try to get it from MEMCACHED;
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490266:7:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;File=./AccessPolicyProcessor/Session.h;Function=getSessionVar;Line=610;Message=try to get it from MEMCACHED;
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490266:7:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;File=./AccessPolicyProcessor/Session.h;Function=getSessionVar;Line=618;Message=variable "session.logon.last.change_password" for session "c87070b4" was not found in MEMCACHED;
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490266:7:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;File=./AccessPolicyProcessor/Session.h;Function=getSessionVar;Line=618;Message=variable "session.logon.last.change_password" for session "c87070b4" was not found in MEMCACHED;
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490023:7:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;Agent_Name=AD;Function_Name=queryActiveDirectory;
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490023:7:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;Agent_Name=AD;Function_Name=queryActiveDirectory;
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490111:7:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;Module=AD;Debug_Message=verifyKrb5Cache():
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490111:7:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;Module=AD;Debug_Message=verifyKrb5Cache():
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490111:7:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;Module=AD;Debug_Message=verifyKrb5Cache():
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490111:7:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;Module=AD;Debug_Message=verifyKrb5Cache():
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490027:7:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;Agent_Name=AD;Agent_URI=ldap://127.7.0.1:389;
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490027:7:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;Agent_Name=AD;Agent_URI=ldap://127.7.0.1:389;
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490027:7:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;Agent_Name=AD;Agent_URI=ldap://127.7.0.1:389;
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490027:7:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;Agent_Name=AD;Agent_URI=ldap://127.7.0.1:389;
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490029:7:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;Agent_Name=AD;
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490029:7:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;Agent_Name=AD;
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490107:3:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;Action=query with;Object=(sAMAccountName=skakade@flyeia.com);Error_Message=no matching user found with filter (sAMAccountName=skakade@flyeia.com);Error_Code=-1;
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490107:3:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;Action=query with;Object=(sAMAccountName=skakade@flyeia.com);Error_Message=no matching user found with filter (sAMAccountName=skakade@flyeia.com);Error_Code=-1;
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490107:3:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;Action=query with;Object=(sAMAccountName=skakade@flyeia.com);Error_Message=no matching user found with filter (sAMAccountName=skakade@flyeia.com);Error_Code=-1;
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490111:7:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;Module=AD;Debug_Message=queryActiveDirectoryAttrs(): no matching user found with filter (sAMAccountName=skakade@flyeia.com) (-1)
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490111:7:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;Module=AD;Debug_Message=queryActiveDirectoryAttrs(): no matching user found with filter (sAMAccountName=skakade@flyeia.com) (-1)
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490024:7:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;Agent_Name=AD;Function_Name=queryActiveDirectory;
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490024:7:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;Agent_Name=AD;Function_Name=queryActiveDirectory;
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490019:6:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;Query_String=(sAMAccountName=skakade@flyeia.com);Query_Result=failed;
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490019:6:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;Query_String=(sAMAccountName=skakade@flyeia.com);Query_Result=failed;
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490012:7:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;Agent_Name=AD;Function_Name=executeInstance;
;hostname=ERAA-F5-LB1.FLYEIA.COM;errdefs_msgno=01490012:7:;partition_name=Common;session_id=c87070b4;Access_Profile=/Common/SP_CONNECTFLYEIA.app/SP_CONNECTFLYEIA;Partition=Common;Session_Id=c87070b4;Agent_Name=AD;Function_Name=executeInstance;
- DanSkow
  Cirrus
  Aug 27, 2024
  Thank you for sending the full logs. We're closer than when we started since the username shows up in the logs now, but there's something missing since it's trying to authenticate your UserPrincipalName to the sAMAccountName attribute.
  no matching user found with filter (sAMAccountName=skakade@flyeia.com)
  I'm not sure, but you might need to change the AD Query to use Search Filter: (UserPrincipalName=%{session.logon.last.username})
  - sandipkakade
    Nimbostratus
    Aug 27, 2024
    After making changes ..below is the logs
Aswin_mk
Cirrocumulus
Aug 27, 2024
Hi,

Is it possible to attach logs of a session and show where its failing. just go to a failed session and search as "follow", you will get where its failing exact reason about it. then we can find in which branch the policy getting failed

BR
Aswin
sandipkakade
Nimbostratus
Aug 27, 2024
unable to attached csv file .
Aswin_mk
Cirrocumulus
Aug 27, 2024
Is it possible to attach screenshot of log where it's failing? With reason/error code.
- sandipkakade
  Nimbostratus
  Aug 28, 2024
  Plese find the below error
sandipkakade
Nimbostratus
Aug 28, 2024
Hi Team,
is there any missing from policy end.
Aswin_mk
Cirrocumulus
Aug 28, 2024
may be its there, as azure ad will be the SP, you can check error in AD aswell

Forum Discussion

Login authentication error on F5 apm

Recent Discussions

Question about WAF Enforced with has suggestion Signature

BIG-IP syslog include

URL redirection

URL redirect

Help me understand Load Balancing

Related Content

DevCentral to Require Multi-Factor Authentication for Account Login from September 26

Reduce Login Friction with F5 Distributed Cloud Authentication Intelligence

Application Programming Interface (API) Authentication types simplified

Creating local users when using Remote Authentication and unavailable login

AD Authentication and Local DB Authentication in APM