Forum Discussion
Thomson_Thomas
Cirrus
CirrusSSL Bridging and X fwd for ADFS
We currently have a VIP configured for external ADFS that is doing SSL passthrough. We are trying to utilize the X Forwarded for header with SSL bridging however during our change neither the SSL bridging or the x forwarded for option was sucessfull. When applying either or both config that traffic would fail and the web page would show page unreachable. Does anyone have any expereience with this type of change
- Nikoolayy1
MVP
Maybe test the FAST iApp template for ADFS https://clouddocs.f5.com/products/extensions/f5-appsvcs-templates/latest/userguide/template-list.html . There is also an older iApp but better to not use it https://support.f5.com/csp/article/K17041 .
For this you do not need APM but as Daniel_Wolf mentioned it is great to do it with APM guided config as then you can use the F5 as a portal not only for ADFS but your internal web apps, Exchange , Azure AD sync between F5 and the Azure AD using SAML, Oauth etc.
Thomson_ThomasDoes anyone know where I can get the ServerName and SNI settings from the ADFS server? Is this just the dns name of the application?
- Daniel_Wolf
Hi Thomson_Thomas,
in case you want to enable only HTTP(S) loadbalancing and SSL bridging, you should check your serverside SSL profile for ServerName and SNI settings. AD FS servers expects the ServerName to be correct.
KR
Daniel- Daniel_Wolf
Going forward and backward over my notes from the last time I configured this... Having APM licensed and
registering APM as an AD FS proxy seems to be more reliable than manual setup with LTM only.- Thomson_Thomas
Thanks dont have APM licensed or installed in our environment. Was thinking there was a way to get this working with just LTM but im assuming there isnt.
- momahdy
Employee
Thomson_Thomas This can be acheived by enabling F5 ADFS proxy function, you might want to check this doc. to enable trust between F5 and ADFS behind it to allow F5 to act as ADFS proxy.
Note, it needs APM to be licensed and provisioned.
