CirrusWe currently have a VIP configured for external ADFS that is doing SSL passthrough. We are trying to utilize the X Forwarded for header with SSL bridging however during our change neither the SSL bridging or the x forwarded for option was sucessfull. When applying either or both config that traffic would fail and the web page would show page unreachable. Does anyone have any expereience with this type of change
EmployeeThomson_Thomas This can be acheived by enabling F5 ADFS proxy function, you might want to check this doc. to enable trust between F5 and ADFS behind it to allow F5 to act as ADFS proxy.
Note, it needs APM to be licensed and provisioned.
MVPHi Thomson_Thomas,
in case you want to enable only HTTP(S) loadbalancing and SSL bridging, you should check your serverside SSL profile for ServerName and SNI settings. AD FS servers expects the ServerName to be correct.
KR
Daniel
MVPGoing forward and backward over my notes from the last time I configured this... Having APM licensed and
CirrusThanks dont have APM licensed or installed in our environment. Was thinking there was a way to get this working with just LTM but im assuming there isnt.
MVPMaybe test the FAST iApp template for ADFS https://clouddocs.f5.com/products/extensions/f5-appsvcs-templates/latest/userguide/template-list.html . There is also an older iApp but better to not use it https://support.f5.com/csp/article/K17041 .
For this you do not need APM but as Daniel_Wolf mentioned it is great to do it with APM guided config as then you can use the F5 as a portal not only for ADFS but your internal web apps, Exchange , Azure AD sync between F5 and the Azure AD using SAML, Oauth etc.
CirrusDoes anyone know where I can get the ServerName and SNI settings from the ADFS server? Is this just the dns name of the application?