Re: Login authentication error on F5 apm

Thanks for updating. Please find the details below.

  • Is this impacting all users, or just some? Azure does this if people are signing into multiple accounts, requiring that the users clear their browser history. -- No, it's a new requirement.
  • Users first authenticate through SAML, and after that it will make a query to the on-prem AD server and the login page will open. SAML authentication is working; after that, AD denies the traffic.
  • The Azure cert is not expired. This is the first time we are setting up this authentication with SAML.

Is there any setting required on the AD side for Kerberos authentication?

3 Replies

  • DanSkow

    From the APM logs it looks like your AD Query isn't finding the username. What is your AD Query using for a Search Filter? I believe it should be:

    (sAMAccountName=%{session.saml.last.identity})

     

    Reference: https://my.f5.com/manage/s/article/K22941103

    • sandipkakade

      We are using this filter: (sAMAccountName=%{session.logon.last.username})

      Not sure where exactly the problem is; in the APM logs we can see a deny from AD, but as per the server team no issue is seen from their end.

      • DanSkow

        Try the following two options to see if one of them fixes it:

        1. Add a Variable Assign event between SAML Auth and AD query 

         

        OR

        2. Change (sAMAccountName=%{session.logon.last.username}) to (sAMAccountName=%{session.saml.last.identity})
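
The two options discussed in this thread, modelled as an added example that is not part of the original posts and is not F5 code. It assumes that SAML Auth populates session.saml.last.identity while session.logon.last.username stays unset because no logon page ran, and that Azure sends the identity in UPN form; the session data, the `jdoe@example.com` value, the function names and the `strip_domain` option are constructed for illustration.

```python
import re

# Constructed session snapshot (assumption): state right after SAML Auth.
SESSION_AFTER_SAML = {"session.saml.last.identity": "jdoe@example.com"}

FILTER_LOGON = "(sAMAccountName=%{session.logon.last.username})"
FILTER_SAML = "(sAMAccountName=%{session.saml.last.identity})"

_VAR = re.compile(r"%\{([^}]+)\}")


def expand_filter(template, session):
    """Expand %{var} references; an unset variable expands to ''."""
    return _VAR.sub(lambda m: session.get(m.group(1), ""), template)


def variable_assign(session, target, source, strip_domain=False):
    """Model of option 1: copy one session variable into another
    between SAML Auth and AD Query (hypothetical helper)."""
    value = session.get(source, "")
    if strip_domain:
        value = value.split("@", 1)[0]
    return {**session, target: value}


def diagnose(template, session):
    """Return (expanded filter, verdict) for an AD Query search filter."""
    expanded = expand_filter(template, session)
    match = re.fullmatch(r"\(sAMAccountName=(.*)\)", expanded)
    value = match.group(1) if match else None
    if value == "":
        return expanded, "empty: variable is not set at this point in the policy"
    if value and "@" in value:
        return expanded, "UPN form: strip the domain or query userPrincipalName"
    return expanded, "ok"


if __name__ == "__main__":
    fixed = variable_assign(SESSION_AFTER_SAML, "session.logon.last.username",
                            "session.saml.last.identity", strip_domain=True)
    for name, tmpl, sess in [("current filter", FILTER_LOGON, SESSION_AFTER_SAML),
                             ("option 2", FILTER_SAML, SESSION_AFTER_SAML),
                             ("option 1", FILTER_LOGON, fixed)]:
        print(name, *diagnose(tmpl, sess), sep=" | ")
```

Comparing the expanded filter against the search filter that reaches the domain controller shows whether the AD "deny" is simply a query that matched no user.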