Configuring APM Client Side NTLM Authentication
I really have to ask why F5 has not taken this up to fully support this. It seems we are all left to invent a solution and most of us are struggling (at least I continue to struggle with it). Maybe an iApp? At least create an official implementation guide showing examples and detailing the specifics. An example is the 'elusive' ECA, which cannot be configured via the GUI; it must be done via CLI for the virtual server.
I have struggled with this for a couple of years and am finally on version 12 and have it somewhat working. I am getting errors in my logs stating "01480001:4: No held transaction to sink." that nobody can seem to explain. I'm guessing it is dropping the message. For Chrome users it makes it unusable; something is wrong. For IE users it seems to work for them.
My users are finally happy to be able to use SAML/SSO with NTLM without having it prompt the user for credentials if it can validate what they already have. But there are loose ends that are lingering on and need to be cleaned up. The problem is what exactly is wrong and what needs to be done to fix it.
Thanks to everyone who has contributed to this and other postings regarding NTLM authentication. I am grateful and appreciate the time you have taken to share and the time you probably have spent making it work in your own environments.