Why does XMLHTTPRequests from IE 10/11 fail intermittently against F5 LTM+APM?

Do you think the fact that they're using JWT bearer tokens in the Authorization header might be playing foul with APM's expectations that Authorization should be used differently in an NTLM environment?

I'm suspecting that the Authorization header being sent by the client isn't being overwritten, or potentially is in the wrong way. The WEBSSO profile effectively inserts an NTLM Authorization header into the request stream on the way to the server. If the client is sending its own Authorization header, the WEBSSO may not be overwriting that value.

When we see it fail, it's worth noting that the request isn't technically completed. It's happening during a POST after the headers and before the POST body

Are the POST payloads very large in this case? If you watch the HTTP traffic on both sides of the F5, do you see the POST hitting the server and the server sending an error, or does it fail at the F5 without ever going to the server?