Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Nath's avatar
Nath
Icon for Cirrostratus rankCirrostratus
Mar 10, 2016

Setting up CAS server with certificate based authentication

Hi All,   Does anyone tried to use this or tried to done this kind of setup.   When I use the client and server ssl profile it always fail, but when I removed both client and server ssl profile...
application delivery
big-ip
devops
LTM
Yann_Desmarest's avatar
Yann_Desmarest
Icon for Cirrus rankCirrus
Mar 11, 2016

Hello,

 

This is a common scenario where you configure client cert authentication on the F5 VIP protecting the pool of CAS servers.

 

The client cert auth is feasible using LTM only by correctly setting up a client ssl profile.

 

But the Web SSO feature require APM module. If you ask only client certificate, so you must configure Kerberos Delegation on the BIG-IP and activate Kerberos authentication on the CAS servers.

 

I suggest you to add the UPN or the e-mail address of the user within the certificate so that by doing an AD query, you can retrieve all required attributes.

 

Nath's avatar
Nath
Icon for Cirrostratus rankCirrostratus
Mar 11, 2016
Thanks I'm glad someone understand me. The UPN was included on the certificate that AD needed to vertfy. My problem is the clientSSL profile. I'm not really familiar the certificates and keys.