Forum Discussion
Login authentication error on F5 apm
Will probably need more information before anyone will be able to effectively troubleshoot this:
- Is this impacting all users, or just some? Azure does this if people are signing into multiple accounts, requiring that the users clear their browser history
- Were there any changes or upgrades made to the F5 when this broke?
- What do the APM session logs show when this happens?
- Did the SAML Signing Certificate in Azure expire?
- sandipkakade, Aug 27, 2024, Nimbostratus
Thanks for updating. Please find the details below.
- Is this impacting all users, or just some? Azure does this if people are signing into multiple accounts, requiring that the users clear their browser history -- No, it's a new requirement.
- Users first authenticate through SAML, and after that it makes a query to the on-prem AD server and the login page opens. SAML authentication is working; after that, AD denies the traffic.
- The Azure cert has not expired. This is the first time we are setting up this authentication with SAML.
Is there any setting required on the AD side for Kerberos authentication?
- DanSkow, Aug 27, 2024, Cirrus
From the APM logs it looks like your AD Query isn't finding the username. What is your AD Query using for a Search Filter? I believe it should be:
(sAMAccountName=%{session.saml.last.identity})
Reference: https://my.f5.com/manage/s/article/K22941103
- sandipkakade, Aug 27, 2024, Nimbostratus
We are using this filter: (sAMAccountName=%{session.logon.last.username})
Not sure where exactly the problem is; in the APM logs we can see a deny from AD, but as per the server team no issue is seen from their end.
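An added example, not part of the thread and not F5 code: a small offline checker that expands the two search filters quoted above against a set of session variables and reports any variable that is unset, with RFC 4515 escaping of the substituted value. The session contents (only the SAML identity populated, value "jdoe") and the function names are assumptions made for illustration.

```python
import re

# Matches APM-style %{session.variable.name} placeholders in a filter string.
VAR = re.compile(r"%\{([^}]+)\}")

def ldap_escape(value):
    """Escape the characters RFC 4515 treats as special in a filter value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def expand_filter(template, session):
    """Return (expanded_filter, unset_variables) for a search filter template."""
    unset = []

    def substitute(match):
        name = match.group(1)
        value = session.get(name)
        if not value:
            # An unset or empty variable yields a filter that matches no user.
            unset.append(name)
            return ""
        return ldap_escape(value)

    return VAR.sub(substitute, template), unset

def check(template, session):
    """One-line verdict suitable for a troubleshooting note."""
    expanded, unset = expand_filter(template, session)
    if unset:
        return "FAIL %s (unset: %s)" % (expanded, ", ".join(unset))
    return "OK   %s" % expanded

# Constructed sample: a session where only the SAML identity is populated.
# Whether this matches a given deployment is an assumption to verify in the
# session variable report.
SAMPLE_SESSION = {"session.saml.last.identity": "jdoe"}

FILTERS = [
    "(sAMAccountName=%{session.logon.last.username})",
    "(sAMAccountName=%{session.saml.last.identity})",
]

if __name__ == "__main__":
    for f in FILTERS:
        print(check(f, SAMPLE_SESSION))
```

Comparing the variables referenced in the filter with those actually present in the session's variable report shows which side of the exchange to investigate.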