Raul_Rico_75446
Nov 29, 2012

SSO Sharepoint

Hello,

I'm trying to configure SSO with SharePoint, with NTLM, but it's not working. I've followed the deployment guide:

username source: session.sso.token.last.username

password source: session.sso.token.last.password

domain : netbios domain

I can't see what's happening, any idea?

Thanks.

4 Replies

  • mikeshimkus_111
    Historic F5 Account
    Hi Raul, in the BIG-IP web GUI, go to System>Logs>Configuration>Options>Access Policy Logging and set SSO logging to "Debug". You can then SSH into the BIG-IP and type this command: tail -f /var/log/apm

    Then try to access your SharePoint site. The APM log should provide clues about what's causing the failure.

    thanks

    Mike
  • Hi Mike, thanks for your fast response. After enabling debug logging for SSO, I'm seeing this:

     

     

    Nov 29 18:40:07 local/LTM-R37 notice apd[23288]: 01490010:5: b63587db: Username 'XXXXXX'

     

    Nov 29 18:40:09 local/LTM-R37 notice apd[23288]: 01490008:5: b63587db: Connectivity resource 'SharePoint-application' assigned

     

    Nov 29 18:40:09 local/LTM-R37 notice apd[23288]: 01490128:5: b63587db: Webtop 'SharePoint-Webtop' assigned

     

    Nov 29 18:40:09 local/LTM-R37 notice apd[23288]: 01490005:5: b63587db: Following rule 'fallback' from item 'Resource Assign' to ending 'Allow'

     

    Nov 29 18:40:09 local/LTM-R37 notice apd[23288]: 01490102:5: b63587db: Access policy result: Web_Application

     

    Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:httpMessage.cpp:44 13 headers received, iov_count=1

     

    Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:httpMessage.cpp:315 http headers, len: 431 ======== :method: GET :uri: / :version: HTTP/1.1 Host: 172.16.37.37 Connection: keep-alive Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.91 Safari/537.11 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Referer: https://91.187.93.197/my.policy Accept-Language: ca,es;q=0.8,en;q=0.6,en-US;q=0.4 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 ========

     

    Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:websso.cpp:567 b63587db: metadata: , len(199)

     

    Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:webssoConfig.cpp:19 constructor

     

    Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:webssoConfig.cpp:215 init webssoConfig from data: 0x8c3c534, len: 199

     

    Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:webssoConfig.cpp:181 ssoMethod : ntlmv1 usernameSource : session.sso.token.last.username passwordSource : session.sso.token.last.password ntlmdomain : XXXXXXXX

     

    Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:Modules/HttpHeaderBased/HttpHeaderBased.cpp:67 ctx: 0x8c3c140, CLIENT: TMEVT_REQUEST

     

    Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:Modules/HttpHeaderBased/HttpHeaderBased.cpp:67 ctx: 0x8c3c140, CLIENT: TMEVT_REQUEST_DONE

     

    Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:Modules/HttpHeaderBased/HttpHeaderBased.cpp:67 ctx: 0x8c3c140, CLIENT: TMEVT_SESSION_RESULT

     

    Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:Modules/HttpHeaderBased/HttpHeaderBased.cpp:67 ctx: 0x8c3c140, CLIENT: TMEVT_SESSION_RESULT

     

    Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:Modules/HttpHeaderBased/HttpHeaderBased.cpp:67 ctx: 0x8c3c140, CLIENT: TMEVT_SESSION_RESULT

     

    Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:Modules/HttpHeaderBased/HttpHeaderBased.cpp:715 ctx: 0x8e2f2f8, SERVER: TMEVT_RESPONSE

     

    Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:httpMessage.cpp:44 7 headers received, iov_count=1

     

    Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:httpMessage.cpp:315 http headers, len: 230 ======== :status: 401 Unauthorized Server: Microsoft-IIS/7.5 SPRequestGuid: fef3d1b1-bf80-41db-84b9-ef393d62f9c9 WWW-Authenticate: NTLM X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 14.0.0.6029 Date: Thu, 29 Nov 2012 17:40:10 GMT ========

     

    Nov 29 18:40:09 local/LTM-R37 info websso[9370]: 01490000:6: SSO: found HTTP 401 in response header

     

    Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:Modules/HttpHeaderBased/httpAuth.cpp:31 www-authenticate header: NTLM

     

    Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:Modules/HttpHeaderBased/httpAuth.cpp:40 ntlm auth: 0, ntlm state: 0

     

    Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:httpMessage.cpp:344 No set-cookie headers found

     

    Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:Modules/HttpHeaderBased/HttpHeaderBased.cpp:67 ctx: 0x8c3c140, CLIENT: TMEVT_RESPONSE

     

    Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:Modules/HttpHeaderBased/HttpHeaderBased.cpp:67 ctx: 0x8c3c140, CLIENT: TMEVT_RESPONSE_DONE

     

    Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:Modules/HttpHeaderBased/HttpHeaderBased.cpp:330 sso_disable: 0, _needAuth: 1

     

    Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:Modules/HttpHeaderBased/HttpHeaderBased.cpp:399 msg1 size 32 : TlRMTVNTUAABAAAAB4IAAAAAAAAAAAAA

     

    Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:Modules/HttpHeaderBased/HttpHeaderBased.cpp:559 SWALLOW THE RESPONSE

     

    Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:Modules/HttpHeaderBased/HttpHeaderBased.cpp:569 CREATING NEW REQUEST

     

    Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:Modules/HttpHeaderBased/HttpHeaderBased.cpp:715 ctx: 0x8e2f2f8, SERVER: TMEVT_RESPONSE

     

    Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:httpMessage.cpp:44 7 headers received, iov_count=1

     

    Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:httpMessage.cpp:315 http headers, len: 230 ======== :status: 401 Unauthorized Server: Microsoft-IIS/7.5 SPRequestGuid: 149333d1-b489-4cca-b452-40a92feff593 WWW-Authenticate: NTLM X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 14.0.0.6029 Date: Thu, 29 Nov 2012 17:40:10 GMT ========

     

    Nov 29 18:40:09 local/LTM-R37 info websso[9370]: 01490000:6: SSO: found HTTP 401 in response header

     

    Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:Modules/HttpHeaderBased/httpAuth.cpp:31 www-authenticate header: NTLM

     

    Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:Modules/HttpHeaderBased/httpAuth.cpp:40 ntlm auth: 1, ntlm state: 1

     

    Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:Modules/HttpHeaderBased/httpAuth.cpp:50 type 2 msg : size 4 :

     

    Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:websso.cpp:110 Caught signal: 6, exiting websso plugin

     

    Nov 29 18:40:13 local/LTM-R37 emerg logger: Re-starting websso

     

    Nov 29 18:40:13 local/LTM-R37 notice websso[9514]: 01490000:7: === Initializing SSO Plugin ===

     

    Nov 29 18:40:13 local/LTM-R37 notice websso[9514]: 01490000:5: SSO: new Master Key has been updated

     

    Nov 29 18:40:13 local/LTM-R37 debug websso[9514]: 01490000:7: SSO:MasterKeyMgr.cpp:87 Master Key updated successfully

     

    Nov 29 18:40:13 local/LTM-R37 debug websso[9514]: 01490000:7: SSO:webssoWorkQueue.cpp:20 webssoWorkQueue constructor

     

    Nov 29 18:40:13 local/LTM-R37 debug websso[9514]: 01490000:7: SSO:websso.cpp:284 lauching 10 worker threads...

     

    Nov 29 18:40:14 local/LTM-R37 debug websso[9514]: 01490000:7: SSO:websso.cpp:361 webssoConfigUpdate called

     

    Nov 29 18:40:14 local/LTM-R37 debug websso[9514]: 01490000:7: SSO:websso.cpp:392 plugin debug flag: 0

     

    Nov 29 18:40:14 local/LTM-R37 debug websso[9514]: 01490000:7: SSO:websso.cpp:610 ctx: (nil), CLIENT: TMEVT_NEW_VS_INFO

     

    Nov 29 18:40:14 local/LTM-R37 debug websso[9514]: 01490000:7: SSO:websso.cpp:361 webssoConfigUpdate called

     

    Nov 29 18:40:14 local/LTM-R37 debug websso[9514]: 01490000:7: SSO:websso.cpp:392 plugin debug flag: 0

     

    Nov 29 18:40:14 local/LTM-R37 debug websso[9514]: 01490000:7: SSO:websso.cpp:610 ctx: (nil), CLIENT: TMEVT_NEW_VS_INFO

     

    Nov 29 18:40:14 local/LTM-R37 debug websso[9514]: 01490000:7: SSO:websso.cpp:361 webssoConfigUpdate called

     

    Nov 29 18:40:14 local/LTM-R37 debug websso[9514]: 01490000:7: SSO:websso.cpp:392 plugin debug flag: 0

     

    Nov 29 18:40:14 local/LTM-R37 debug websso[9514]: 01490000:7: SSO:websso.cpp:610 ctx: (nil), CLIENT: TMEVT_NEW_VS_INFO

     

    Nov 29 18:40:14 local/LTM-R37 debug websso[9514]: 01490000:7: SSO:websso.cpp:361 webssoConfigUpdate called

     

    Nov 29 18:40:14 local/LTM-R37 debug websso[9514]: 01490000:7: SSO:websso.cpp:392 plugin debug flag: 0

     

    Nov 29 18:40:14 local/LTM-R37 debug websso[9514]: 01490000:7: SSO:websso.cpp:610 ctx: (nil), CLIENT: TMEVT_NEW_VS_INFO

     

     

     

     

    This message is very suspicious:

    Nov 29 18:40:09 local/LTM-R37 info websso[9370]: 01490000:6: SSO: found HTTP 401 in response header

    Do you think this could be the problem? Why is this happening?

    Thanks in advance for your help
  • mikeshimkus_111
    Historic F5 Account
    The SSO needs to see the 401 response headers to properly handle NTLM authentication. I think these messages are more likely related to the problem:

    Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:websso.cpp:110 Caught signal: 6, exiting websso plugin

    Nov 29 18:40:13 local/LTM-R37 emerg logger: Re-starting websso

    Looks like websso crashed here. I would contact F5 support and open a ticket for this issue.

    BTW, which deployment guide did you use?
  • The name of the guide is "Deploying Access Policy Manager with Microsoft Active Directory for Sharepoint 2010 Access", here is the link:

    http://www.f5.com/pdf/deployment-guides/f5-sharepoint-2010-dg.pdf

    Thanks
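
An added example (not part of the original thread and not F5 tooling): a Python triage pass over the APM debug lines quoted above that decodes the logged NTLM Type 1 message and pulls out the configured SSO method, the 401 count, the logged Type 2 size, and the websso abort and restart that the replies discuss. The sample lines are copied from the thread; the function names and the abbreviated flag names are assumptions of this example.

```python
import base64
import re
import struct

# Sample input: lines copied from the APM debug log quoted in the thread.
SAMPLE_LOG = """\
Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:webssoConfig.cpp:181 ssoMethod : ntlmv1 usernameSource : session.sso.token.last.username passwordSource : session.sso.token.last.password ntlmdomain : XXXXXXXX
Nov 29 18:40:09 local/LTM-R37 info websso[9370]: 01490000:6: SSO: found HTTP 401 in response header
Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:Modules/HttpHeaderBased/HttpHeaderBased.cpp:399 msg1 size 32 : TlRMTVNTUAABAAAAB4IAAAAAAAAAAAAA
Nov 29 18:40:09 local/LTM-R37 info websso[9370]: 01490000:6: SSO: found HTTP 401 in response header
Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:Modules/HttpHeaderBased/httpAuth.cpp:50 type 2 msg : size 4 :
Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:websso.cpp:110 Caught signal: 6, exiting websso plugin
Nov 29 18:40:13 local/LTM-R37 emerg logger: Re-starting websso
"""

# NTLM NEGOTIATE flag bits (values from MS-NLMP; names abbreviated for this example).
NTLM_FLAGS = {0x1: "UNICODE", 0x2: "OEM", 0x4: "REQUEST_TARGET", 0x200: "NTLM",
              0x8000: "ALWAYS_SIGN", 0x80000: "EXTENDED_SESSIONSECURITY"}

def decode_type1(b64):
    """Decode a base64 NTLM Type 1 (NEGOTIATE) message into (type, flag names)."""
    raw = base64.b64decode(b64)
    if len(raw) < 16 or raw[:8] != b"NTLMSSP\x00":
        raise ValueError("not an NTLMSSP message")
    msg_type, flags = struct.unpack_from("<II", raw, 8)  # little-endian type, flags
    return msg_type, [name for bit, name in sorted(NTLM_FLAGS.items()) if flags & bit]

def triage(log_text):
    """Summarise the SSO exchange: method, 401 count, Type 1 flags, Type 2 size, crash."""
    out = {"method": None, "http_401": 0, "type1_flags": None,
           "type2_size": None, "crash_signal": None, "restarted": False}
    for line in log_text.splitlines():
        if m := re.search(r"ssoMethod : (\S+)", line):
            out["method"] = m.group(1)
        elif "found HTTP 401" in line:
            out["http_401"] += 1
        elif m := re.search(r"msg1 size \d+ : (\S+)", line):
            out["type1_flags"] = decode_type1(m.group(1))[1]
        elif m := re.search(r"type 2 msg : size (\d+)", line):
            out["type2_size"] = int(m.group(1))
        elif m := re.search(r"Caught signal: (\d+)", line):
            out["crash_signal"] = int(m.group(1))
        elif "Re-starting websso" in line:
            out["restarted"] = True
    return out

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Run against a saved copy of /var/log/apm, the same function shows at a glance whether the plugin got past the second 401 before aborting, which is the detail to include in a support ticket.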