For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Leveraging BIG-IP APM for seamless client NTLM Authentication

Many customers express interest to use F5 Access Policy Manager for transparent seamless authentication for their users.  There are a couple of leading use cases that drive that desired behavior: ...
Published Jul 22, 2014
Version 1.0
BIG-IP Access Policy Manager (APM)
microsoft
ntlm
security
Noah_Hackl_6776's avatar
Noah_Hackl_6776
Icon for Nimbostratus rankNimbostratus
Oct 14, 2014
I am seeing the same problem as drugovm and brad. After a little digging I found that the [ACCESS::session sid] command in the HTTP_ REQUEST portion of the iRule returns an empty string. Checking for values in the ACCESS_SESSION_STARTED portion of the iRule does generate a sid value, but this is not preserved when the actual http request comes through. I even tried manually creating a session with [ACCESS::session create] in the HTTP_ REQUEST portion of the rule, however, this appears to be an invalid usage of the command. I am on 11.3 for this particular BIG-IP, so could that be the issue? I will set it up on my 11.5 set tomorrow and see if the behavior changes.