Forum Discussion
Placing APM in front of SharePoint 2010
Having some difficulties in getting APM to work with Sharepoint 2010. This is on a F5 running latest 11.1 version.
The APM bit to collect username and password and authenticating to our AD server works fine. The problem is that Sharepoint is insisting on asking for its own Form based authentication credentials as well - we want to use SSO.
I have tried basic, ntlm's and form based SSO - none of them seem to want to work.
I am no expert in Sharepoint, but I have been assured that using the Forms based authentication is required as Basic authentication wont work with an external LDAP provider.
The Form that Sharepoint presents has silly field names like:
ctl00$PlaceHolderMain$signInControl$login
ctl00$PlaceHolderMain$signInControl$UserName
ctl00$PlaceHolderMain$signInControl$password
When plug these into the SSO and try to connect I can see from a network snoop that Sharepoint is just sending back the logon form again - no reason why it is rejecting it.
I suspect that it requires some extra hidden fields or cookies to work - but how do I work out what?
As a debugging tool I am trying commands like this from the F5 console:
curl --trace - -d 'ctl00$PlaceHolderMain$signInControl$login=Sign%20In' -d 'ctl00$PlaceHolderMain$signInControl$UserName=wilsonjp' -d 'ctl00$PlaceHolderMain$signInControl$password=BOGUS' http://spointextweb/_forms/default.aspx
Anybody have any ideas? We have SSO working with Apache, Tomcat, Weblogic, etc - this is the first Sharepoint deployment.
Thanks for any assistance!
Jason
- mikeshimkus_111Historic F5 Accounthi Jason, our guidance for using SharePoint with an SSO in APM requires setting the SharePoint servers to NTLM authentication. I don't believe we have anything yet for using a forms-based SSO, but I will double-check. Is it possible to change the authentication mode on your SharePoint farm?
- Jason_46956NimbostratusThanks for the advice.
- Jason,
- Jason_46956NimbostratusMichael,
- InnONimbostratus
Hi,
I was able to make any form of SSO work well with Sharepoint 2010 and 2013 : NTLM, Kerberos, and Form-Based with 11.4.x. For this last one, you have to use the Form-Based Client Initiated. Be careful though, using this feature can make a TMM core occur. Opened a support ticket with F5, they were able to identify a bug, and recently provided us an engineering hotfix which correct that (among 300+ other bugs).
- drugovm_149811Nimbostratus
Would you share your Form Based SSO config details? Unless it's that same as in F5 Guide for APM
Thanks
- InnONimbostratus
I had to use a Form-Based Client Initiated SSO with the config described in the 11.4 manual. Originally designed for SP2010, this works fine with SP2013 as the form is the same. I was not able to use the standard APM Form-Based SSO though.
- Joe_45302Nimbostratus
Here is a write-up with similar characteristics. Write up by Joe
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com