04-Nov-2022 07:08
We currently have a VIP configured for external ADFS that is doing SSL passthrough. We are trying to utilize the X-Forwarded-For header with SSL bridging; however, during our change neither the SSL bridging nor the X-Forwarded-For option was successful. When applying either or both configs, that traffic would fail and the web page would show page unreachable. Does anyone have any experience with this type of change?
04-Nov-2022 09:00
@Thomson_Thomas This can be achieved by enabling the F5 ADFS proxy function. You might want to check this doc to enable trust between F5 and the ADFS behind it, to allow F5 to act as an ADFS proxy.
Note, it needs APM to be licensed and provisioned.
04-Nov-2022 09:11
Hi @Thomson_Thomas,
In case you want to enable only HTTP(S) load balancing and SSL bridging, you should check your serverside SSL profile for ServerName and SNI settings. AD FS servers expect the ServerName to be correct.
KR
Daniel
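
An added example, not part of the post above and not F5's own template: an LTM-only SSL bridging setup in tmsh, where the server-side SSL profile sends an SNI name to the AD FS pool members and the HTTP profile inserts X-Forwarded-For. The profile names, the certificate and key file names, and `sts.example.com` are placeholders, and the virtual server `adfs_vs` is assumed to exist already.

```tmsh
# Client side: terminate TLS on the BIG-IP.
# adfs.crt / adfs.key are placeholder names for an imported certificate and key.
create ltm profile client-ssl adfs_clientssl defaults-from clientssl cert-key-chain add { adfs { cert adfs.crt key adfs.key } }

# Server side: re-encrypt towards the pool members and send the expected
# hostname as SNI in the ClientHello. The default serverssl profile has no
# server-name set, so no SNI is sent to the back end.
# sts.example.com is a placeholder hostname.
create ltm profile server-ssl adfs_serverssl defaults-from serverssl server-name sts.example.com

# An HTTP profile is required for header insertion; X-Forwarded-For cannot be
# added while the virtual server only passes encrypted traffic through.
create ltm profile http adfs_http defaults-from http insert-xforwarded-for enabled

# Attach all profiles in one change so the virtual server is never left with
# an HTTP profile but no client-side decryption.
modify ltm virtual adfs_vs profiles replace-all-with { tcp { } adfs_http { } adfs_clientssl { context clientside } adfs_serverssl { context serverside } }

# Confirm what is attached, and in which context.
list ltm virtual adfs_vs profiles
```

To check the server side independently of the virtual server, `openssl s_client -connect <pool-member-ip>:443 -servername sts.example.com` from the BIG-IP bash shell shows whether a pool member completes the handshake when offered that name.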
04-Nov-2022 10:06
Going forward and backward over my notes from the last time I configured this... Having APM licensed and
04-Nov-2022 10:09
Thanks, don't have APM licensed or installed in our environment. Was thinking there was a way to get this working with just LTM, but I'm assuming there isn't.
04-Nov-2022 14:18
Maybe test the FAST iApp template for ADFS https://clouddocs.f5.com/products/extensions/f5-appsvcs-templates/latest/userguide/template-list.htm... . There is also an older iApp but better to not use it https://support.f5.com/csp/article/K17041 .
For this you do not need APM, but as @Daniel_Wolf mentioned it is great to do it with APM guided config, as then you can use the F5 as a portal not only for ADFS but also for your internal web apps, Exchange, Azure AD sync between F5 and the Azure AD using SAML, OAuth etc.
04-Nov-2022 15:50
Does anyone know where I can get the ServerName and SNI settings from the ADFS server? Is this just the DNS name of the application?