Login authentication error on F5 apm
Thanks for updating. Please find the details below.
- Is this impacting all users, or just some? Azure does this if people are signing into multiple accounts, requiring that the users clear their browser history -- No, it's a new requirement.
- Users first authenticate through SAML, and after that it makes a query to the on-prem AD server and the login page opens. SAML authentication is working; after that, AD denies the traffic.
- The Azure cert is not expired. This is the first time we are setting up this authentication with SAML.
Is there any setting required on the AD side for Kerberos authentication?
From the APM logs it looks like your AD Query isn't finding the username. What is your AD Query using for a Search Filter? I believe it should be:
(sAMAccountName=%{session.saml.last.identity})
Reference: https://my.f5.com/manage/s/article/K22941103
- sandipkakade, Aug 27, 2024 (Nimbostratus)
We are using this filter: (sAMAccountName=%{session.logon.last.username})
Not sure where exactly the problem is. In the APM logs we can see a deny from AD, but as per the server team no issue is seen from their end.
- DanSkow, Aug 27, 2024 (Cirrus)
Try the following two options to see if one of them fixes it:
1. Add a Variable Assign event between SAML Auth and AD query
OR
2. Change (sAMAccountName=%{session.logon.last.username}) to (sAMAccountName=%{session.saml.last.identity})