cancel
Showing results for 
Search instead for 
Did you mean: 

SSO Sharepoint

Raul_Rico_75446
Nimbostratus
Nimbostratus

Hello,

 

 

I'm trying to configure SSO with sharepoint, with NTLM, but it's not working, I've followed the deployment guide:

 

 

usename source: session.sso.token.last.username

 

password source: session.sso.token.last.password

 

domain : netbios domain

 

 

I can't see what's happening, any idea?

 

 

Thanks.

 

 

4 REPLIES 4

mikeshimkus_111
Historic F5 Account
Hi Raul, in the BIG-IP web GUI, go to System>Logs>Configuration>Options>Access Policy Logging

 

 

and set SSO logging to "Debug". You can then SSH into the BIG-IP and type this command: tail -f /var/log/apm

 

 

Then try to access your SharePoint site. The APM log should provide clues about what's causing the failure.

 

 

thanks

 

Mike

Raul_Rico_75446
Nimbostratus
Nimbostratus
Hi Mike, Thanks for your fast response, after to enable debug logging at SSO aI'm seeing this:

 

 

Nov 29 18:40:07 local/LTM-R37 notice apd[23288]: 01490010:5: b63587db: Username 'XXXXXX'

 

Nov 29 18:40:09 local/LTM-R37 notice apd[23288]: 01490008:5: b63587db: Connectivity resource 'SharePoint-application' assigned

 

Nov 29 18:40:09 local/LTM-R37 notice apd[23288]: 01490128:5: b63587db: Webtop 'SharePoint-Webtop' assigned

 

Nov 29 18:40:09 local/LTM-R37 notice apd[23288]: 01490005:5: b63587db: Following rule 'fallback' from item 'Resource Assign' to ending 'Allow'

 

Nov 29 18:40:09 local/LTM-R37 notice apd[23288]: 01490102:5: b63587db: Access policy result: Web_Application

 

Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:httpMessage.cpp:44 13 headers received, iov_count=1

 

Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:httpMessage.cpp:315 http headers, len: 431 ======== :method: GET :uri: / :version: HTTP/1.1 Host: 172.16.37.37 Connection: keep-alive Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.91 Safari/537.11 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Referer: https://91.187.93.197/my.policy Accept-Language: ca,es;q=0.8,en;q=0.6,en-US;q=0.4 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 ========

 

Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:websso.cpp:567 b63587db: metadata: , len(199)

 

Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:webssoConfig.cpp:19 constructor

 

Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:webssoConfig.cpp:215 init webssoConfig from data: 0x8c3c534, len: 199

 

Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:webssoConfig.cpp:181 ssoMethod : ntlmv1 usernameSource : session.sso.token.last.username passwordSource : session.sso.token.last.password ntlmdomain : XXXXXXXX

 

Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:Modules/HttpHeaderBased/HttpHeaderBased.cpp:67 ctx: 0x8c3c140, CLIENT: TMEVT_REQUEST

 

Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:Modules/HttpHeaderBased/HttpHeaderBased.cpp:67 ctx: 0x8c3c140, CLIENT: TMEVT_REQUEST_DONE

 

Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:Modules/HttpHeaderBased/HttpHeaderBased.cpp:67 ctx: 0x8c3c140, CLIENT: TMEVT_SESSION_RESULT

 

Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:Modules/HttpHeaderBased/HttpHeaderBased.cpp:67 ctx: 0x8c3c140, CLIENT: TMEVT_SESSION_RESULT

 

Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:Modules/HttpHeaderBased/HttpHeaderBased.cpp:67 ctx: 0x8c3c140, CLIENT: TMEVT_SESSION_RESULT

 

Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:Modules/HttpHeaderBased/HttpHeaderBased.cpp:715 ctx: 0x8e2f2f8, SERVER: TMEVT_RESPONSE

 

Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:httpMessage.cpp:44 7 headers received, iov_count=1

 

Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:httpMessage.cpp:315 http headers, len: 230 ======== :status: 401 Unauthorized Server: Microsoft-IIS/7.5 SPRequestGuid: fef3d1b1-bf80-41db-84b9-ef393d62f9c9 WWW-Authenticate: NTLM X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 14.0.0.6029 Date: Thu, 29 Nov 2012 17:40:10 GMT ========

 

Nov 29 18:40:09 local/LTM-R37 info websso[9370]: 01490000:6: SSO: found HTTP 401 in response header

 

Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:Modules/HttpHeaderBased/httpAuth.cpp:31 www-authenticate header: NTLM

 

Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:Modules/HttpHeaderBased/httpAuth.cpp:40 ntlm auth: 0, ntlm state: 0

 

Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:httpMessage.cpp:344 No set-cookie headers found

 

Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:Modules/HttpHeaderBased/HttpHeaderBased.cpp:67 ctx: 0x8c3c140, CLIENT: TMEVT_RESPONSE

 

Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:Modules/HttpHeaderBased/HttpHeaderBased.cpp:67 ctx: 0x8c3c140, CLIENT: TMEVT_RESPONSE_DONE

 

Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:Modules/HttpHeaderBased/HttpHeaderBased.cpp:330 sso_disable: 0, _needAuth: 1

 

Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:Modules/HttpHeaderBased/HttpHeaderBased.cpp:399 msg1 size 32 : TlRMTVNTUAABAAAAB4IAAAAAAAAAAAAA

 

Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:Modules/HttpHeaderBased/HttpHeaderBased.cpp:559 SWALLOW THE RESPONSE

 

Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:Modules/HttpHeaderBased/HttpHeaderBased.cpp:569 CREATING NEW REQUEST

 

Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:Modules/HttpHeaderBased/HttpHeaderBased.cpp:715 ctx: 0x8e2f2f8, SERVER: TMEVT_RESPONSE

 

Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:httpMessage.cpp:44 7 headers received, iov_count=1

 

Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:httpMessage.cpp:315 http headers, len: 230 ======== :status: 401 Unauthorized Server: Microsoft-IIS/7.5 SPRequestGuid: 149333d1-b489-4cca-b452-40a92feff593 WWW-Authenticate: NTLM X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 14.0.0.6029 Date: Thu, 29 Nov 2012 17:40:10 GMT ========

 

Nov 29 18:40:09 local/LTM-R37 info websso[9370]: 01490000:6: SSO: found HTTP 401 in response header

 

Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:Modules/HttpHeaderBased/httpAuth.cpp:31 www-authenticate header: NTLM

 

Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:Modules/HttpHeaderBased/httpAuth.cpp:40 ntlm auth: 1, ntlm state: 1

 

Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:Modules/HttpHeaderBased/httpAuth.cpp:50 type 2 msg : size 4 :

 

Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:websso.cpp:110 Caught signal: 6, exiting websso plugin

 

Nov 29 18:40:13 local/LTM-R37 emerg logger: Re-starting websso

 

Nov 29 18:40:13 local/LTM-R37 notice websso[9514]: 01490000:7: === Initializing SSO Plugin ===

 

Nov 29 18:40:13 local/LTM-R37 notice websso[9514]: 01490000:5: SSO: new Master Key has been updated

 

Nov 29 18:40:13 local/LTM-R37 debug websso[9514]: 01490000:7: SSO:MasterKeyMgr.cpp:87 Master Key updated successfully

 

Nov 29 18:40:13 local/LTM-R37 debug websso[9514]: 01490000:7: SSO:webssoWorkQueue.cpp:20 webssoWorkQueue constructor

 

Nov 29 18:40:13 local/LTM-R37 debug websso[9514]: 01490000:7: SSO:websso.cpp:284 lauching 10 worker threads...

 

Nov 29 18:40:14 local/LTM-R37 debug websso[9514]: 01490000:7: SSO:websso.cpp:361 webssoConfigUpdate called

 

Nov 29 18:40:14 local/LTM-R37 debug websso[9514]: 01490000:7: SSO:websso.cpp:392 plugin debug flag: 0

 

Nov 29 18:40:14 local/LTM-R37 debug websso[9514]: 01490000:7: SSO:websso.cpp:610 ctx: (nil), CLIENT: TMEVT_NEW_VS_INFO

 

Nov 29 18:40:14 local/LTM-R37 debug websso[9514]: 01490000:7: SSO:websso.cpp:361 webssoConfigUpdate called

 

Nov 29 18:40:14 local/LTM-R37 debug websso[9514]: 01490000:7: SSO:websso.cpp:392 plugin debug flag: 0

 

Nov 29 18:40:14 local/LTM-R37 debug websso[9514]: 01490000:7: SSO:websso.cpp:610 ctx: (nil), CLIENT: TMEVT_NEW_VS_INFO

 

Nov 29 18:40:14 local/LTM-R37 debug websso[9514]: 01490000:7: SSO:websso.cpp:361 webssoConfigUpdate called

 

Nov 29 18:40:14 local/LTM-R37 debug websso[9514]: 01490000:7: SSO:websso.cpp:392 plugin debug flag: 0

 

Nov 29 18:40:14 local/LTM-R37 debug websso[9514]: 01490000:7: SSO:websso.cpp:610 ctx: (nil), CLIENT: TMEVT_NEW_VS_INFO

 

Nov 29 18:40:14 local/LTM-R37 debug websso[9514]: 01490000:7: SSO:websso.cpp:361 webssoConfigUpdate called

 

Nov 29 18:40:14 local/LTM-R37 debug websso[9514]: 01490000:7: SSO:websso.cpp:392 plugin debug flag: 0

 

Nov 29 18:40:14 local/LTM-R37 debug websso[9514]: 01490000:7: SSO:websso.cpp:610 ctx: (nil), CLIENT: TMEVT_NEW_VS_INFO

 

 

 

 

This message are very suspicius:

 

Nov 29 18:40:09 local/LTM-R37 info websso[9370]: 01490000:6: SSO: found HTTP 401 in response header

 

 

Do you think this could be the problem? Why is this happening?

 

 

Thanks in advance for your help

mikeshimkus_111
Historic F5 Account
The SSO needs to see the 401 response headers to properly handle NTLM authentication. I think these messages are more likely related to the problem:

 

 

Nov 29 18:40:09 local/LTM-R37 debug websso[9370]: 01490000:7: SSO:websso.cpp:110 Caught signal: 6, exiting websso plugin

 

Nov 29 18:40:13 local/LTM-R37 emerg logger: Re-starting websso

 

 

Looks like websso crashed here. I would contact F5 support and open a ticket for this issue.

 

 

BTW, which deployment guide did you use?

Raul_Rico_75446
Nimbostratus
Nimbostratus
The name of the guide is "Deploying Access Policy Manager with Microsoft Active Directory for Sharepoint 2010 Access", here the link

 

http://www.f5.com/pdf/deployment-guides/f5-sharepoint-2010-dg.pdf

 

 

Thanks