ADFS Proxy Replacement on F5 BIG-IP
BIG-IP Access Policy Manager can now replace the need for Web Application Proxy servers providing security for your modern AD FS deployment with MS-ADFSPIP support released in BIG-IP v13.1. This arti...
Published Mar 13, 2018
Version 1.0
Graham_Alderso1
Employee
EmployeeGraham_Alderso1Employee
Employee
Marvin
Cirrocumulus
CirrocumulusHi Graham, my client is working for a while with this solution but seems they have an issue with version 15.1.x , using your iapp and only the ADFS proxy checkbox on the VS for one ADFS virtual server we see that the clientssl handshake is not being send to the ADFS server with the default setting SSL renegotiation disabled and we see this error in ltm logs
Self-initiated renegotiation attempted while renegotiation disabled: /Common/t-ADFS-proxy_client-ssl
When enabling renegotiation in clientssl profile it works.
We do have another virtual server with the renegotiation disabled and there the clientssl hello is being send normally to ADFS server, what are your thoughts on the ADFS and renegotiation settings required and do you have any idea what is happening here?
The iapp created the clientssl profile with clientssl-secure as parent and the renegotiation is disabled and in serverssl it is enabled