Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

APM Policy seems to stay pending

InnO
Nimbostratus
Nimbostratus

‎02-Jun-2015 07:27

Hi all,

 

I am trying to set up a Kerberos authentication policy in my APM 11.6 HF4 to get some Windows Integrated auth for a VIP, following the f5 documented procedure (https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-single-sign-o...)

 

Everything seems to run fine at the authentication level, as I clearly see my username and auth results stored in my session variables, but the policy seems to stop there, just after the Kerberos auth box, and does not it the following boxes (I have some message box to trap where I am in the policy). Looks like the policy never leaves the Kerberos Auth box. Therefore my browser just shows IE error (Page cant be displayed), and the session stays in the pending state (blue). I have attached a policy screenshot, it never hits the message boxes KRB AUTH DONE or FAILED.

 

Checking the LTM and APM logs show no error or stop.

 

There is something I am missing, and I don't find what...Some clue or a different angle/point of view would be helpful 🙂

 

0691T000006ApVNQA0.png 0691T000006ApVOQA0.png

 

Labels:
0 Kudos
3 REPLIES 3

InnO
Nimbostratus
Nimbostratus

‎10-Jun-2015 05:22

Some weird development : policy runs with Firefox and Chrome but stays pending with IE. I checked if some other authentication than Kerberos is occurring with these browsers, but no, it is pure Kerberos. So the question is, why Kerberos IWA does not happen with IE ? I would have expected that to work better with IE than others browsers. And yes, all settings in IE have been multiple times checked 🙂
0 Kudos

amolari
Cirrus
Cirrus

‎11-Jun-2015 03:19

Fiddler (or httpwatch or..) might help here and figure out the different behaviour/result between IE and other browsers.

 

0 Kudos

InnO
Nimbostratus
Nimbostratus

‎11-Jun-2015 12:35

Hi all,

 

Found the issue. I created a new virtual server, applied same APM policy, and everything worked pretty well as expected... Comparing both configs, it appears that selecting Preserve Strict setting for Source Port in the VS config breaks the whole thing. In my case, this item must be set to Preserve only.

 

Why it was working for Chrome & Firefox but not IE is still a mystery, but at least, it is fixed.

 

Thanks, Pascal.

 

0 Kudos
Copyright © 2023 Khoros, LLC