Forum Discussion
Actually Kerberos one was not working it was setup and when tested it did not work and Backend App was not ready for Kerberos hence whatever configured for Kerberos trying to move to NTLM.
When user tries it shows error as attached. Please advise if you get a hint from it.
One quick note is when user tries they get the Microsoft Landing page , they try to authenticate using email address and I have been told they have to try using email address as user name. However user tested with "DomainName\Username" it did not work too. Azure side they see the log for Authentication as passed but I see error at F5 side as attached.
I will also match as you mentioned above.
have a good look at your APM variables after you logged in to Azure AD.
for me the username was in session.saml.last.attr.name.Identity. but it might be different depending on what your Azure AD claims are. login, check the APM variables for the session and then check where it what you need.
i do assume you assign session.logon.last.usernameUPN in the SSO mapping object?