Leveraging BIG-IP APM for seamless client NTLM Authentication

Many customers express interest to use F5 Access Policy Manager for transparent seamless authentication for their users.  There are a couple of leading use cases that drive that desired behavior: ...
Published Jul 22, 2014
Version 1.0
BIG-IP Access Policy Manager (APM)
microsoft
ntlm
security
brad_11480's avatar
brad_11480
Icon for Nimbostratus rankNimbostratus
Nov 17, 2017

I'm beginning to think taht NTLM auth with SAML/SSO is a futzz at best and is unworkable in general. I can get some of it to work with Firefox, others to work in Chrome, none to work in IE.

 

In Chrome on one of them i see LTM reporting: warning tmm[19392]: 01480001:4: No held transaction to sink. The mentions of it in Devcentral relate to ASM and not APM. While it says warning, the client browser just spins waiting fora response from the IdP.

 

In IE the error is: Nov 17 08:07:27 slot1/f5ext1a err tmm1[19392]: 014d0002:3: 25408ee6: SSOv2 POST Authn Request has no body Nov 17 08:07:27 slot1/f5ext1a err tmm1[19392]: 014d0002:3: 25408ee6: SSOv2 Error(12) Extracting SAML Data from Request

 

I don't use the code above in version 12 as I understood this was all now a working feature.

 

If anyone has a solid working solution, it would very much be appreciated. Thanks so much.