ADFS Proxy Replacement on F5 BIG-IP

BIG-IP Access Policy Manager can now replace the need for Web Application Proxy servers providing security for your modern AD FS deployment with MS-ADFSPIP support released in BIG-IP v13.1. This arti...

Published Mar 13, 2018

Version 1.0

application delivery

BIG-IP Access Policy Manager (APM)

security

Graham_Alderso1

Ret. Employee

Joined May 22, 2019

View Profile

Graham_Alderso1

Ret. Employee

Apr 24, 2018

I looked at the APM profile the iApp creates when you select Azure MFA and it looks like there might be a minor mistake that breaks SSO (only when Azure MFA is selected). The current iApp puts the SSO Credential Mapping object after the RADIUS auth, which unfortunately overwrites the session.logon.last.password field, so the wrong password gets set for SSO. To fix this, you need to move the SSO Credential Mapping agent to immediately after the AD Auth (before RADIUS). I've included an image of what I'm describing below. Let me know if this solves your SSO issue, if so I will put in a request to have the iApp corrected as described.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

ADFS Proxy Replacement on F5 BIG-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS