APM - Capture Login sharepoint
Hello everyone, I need some help. I'm not very good with APM, but my question is: --- I have an application published in APM, and all accesses are OK. However, I received a request to publish the application in sharepoint (hyperlink). However, when placing the application hyperlink in sharepoint, the application is opening the long page (APM) and requesting login again. My challenge is: Collect the user logged into sharepoint and use it to perform SSO in my application, without the need to go through the Logon Page NOTE: Today, my Sharepoint and F5 APM is integrated with Active Directory (not Azure AD). Is it possible with APM to collect the user logged in to Sharepoint and perform SSO in the APP? Regards Paulo
APM : is VMware Workspace One supported as an Endpoint Management System?
Hello, In the past, we added our on-premises Airwatch server in the Endpoint Management Systems list. We used this feature to check if the smartphones connecting to the VPN were properly enrolled. We used this feature only for a few users. We migrated to VMware Workspace One in SaaS mode but we forgot about this feature. Is VMware Workspace One supported as an Endpoint Management System? Could F5 APM connect to WSO API? When adding our WSO instance as Airwatch, we got a "General configuration error". Thank you Thomas
user alert on apm logs
I try to trigger a command when a specific log is written on /var/log/apm It works on 2 different non prod big-ip, but on a third one in production it only works with /var/log/ltm logs. user_alert.conf "failed" is commun in my ltm logs. "New session" is commun in apm logs. So this works (triggered from ltm logs): alert test "failed" { exec command="logger -p local0.notice 'test'" } This doesn't (not triggered from apm logs): alert test "New session" { exec command="logger -p local0.notice 'test'" } Do you have any idea why?
HA Configuration (One in primary and One in DR)
Hi folks, I currently have HA pair (active/passive) in a primary data center and we are bringing up a DR. wondering can I split up the HA pair (One in primary and One in DR) and continue to have HA with utilizing different subnets? We are using multiple IPSEC tunnels to connect the sites so we are still working on whether we can extend subnets but if we can't I wanted to ask if different subnets are possible. Thank you any info is appreciatedF5 APM/RDG Not working
Hi guys, created a new access policy and I get as far as being able to download the rdp file, when I execute the file, I see the traffic on 443 land on the F5, but I do not see any attempt from the F5 to open a connection to the RDP server (no packets to the rdp server IP address at all in a tcpdump) I have a forwarding server that encompasses 10.0.0.0/8 and I have another access policy that is working with a server in the same range. There is a rule on AFM, SNAT is enabled. feel like I am missing something simple here, unfortunately I have no logs at all to explain what is or is not working , any ideas what this could be missing? I feel like it has to be something to do with the virtual server with the access policy on it.F5 BIG-IP APM with Omnissa Workspace ONE Access
This article discusses the collaboration between Omnissa and F5 to integrate Workspace ONE Access Cloud with F5 Access Policy Manager (APM). Workspace ONE Access unifies applications and desktops into a single, aggregated workspace, allowing employees to access resources from anywhere while simplifying IT administration through fewer management points and flexible access. The deployment of Workspace ONE Access in the cloud centralizes assets, devices, and applications, enabling secure management of users and data. Organizations benefit from instant upgrades without maintenance outages. The document provides detailed instructions for configuring Workspace ONE Access Cloud as an Identity Provider (IDP) in front of F5 APM as a Service Provider (SP), utilizing APM as a gateway for Omnissa Horizon. This integration aims to offer a comprehensive view of the workspace, ensuring robust DMZ security and scalability with the F5 PCoIP/Blast Proxy in conjunction with Omnissa Horizon.
APM Portal Access Rewriting
Hi all, A customer of us is using the F5 with APM and a Full Weptop Config. They're using a Full Webtop Portal with Portal Access Ressources and Rewriting. One of the Portal Access is connecting to a Document Management Application (https://backend.com) where the Source IP is allowed for access from the F5. Now the Backend Provider of the Document Management App has upgraded the Application and integrated a Keycloak IAM, since then the included OpenID Connect SSO Requests are not properly rewriten by the F5. The Client connects then directly to the SSO URL for OIDC and not through the Portal Access Rewriting. We created a HAR File on the client and see the following: ******* Requests to rewriting: https://portal.f5.com/f5-w-abc123/page1.html https://portal.f5.com/f5-w-abc123/somejavascript.js https://portal.f5.com/f5-w-abc123/somepic.jpg ..... Then the following: https://api.essentials.backend.com/api/userrequest And: https://id.backend.com/realms/essentials/protocol/openid-connect/auth?client_id...... ******* The obfuscated path /f5-w-abc123 results in the URL https://backend.com So how can we have the other URL also rewritten so that https://api.essentials.backend.com/... is rewritten to https://portal.f5.com/f5-w-xyz123 ? Thank you for your help
APM Import error: config version 15.1 is not compatible with BIGIP version 16.1
I would like to migrate all of our APM policies from old F5 platform (v15.1) to newer F5 platform (v16.1). I can migrate most of the objects, except for APM. I get an error message "Import error: config version 15.1 is not compatible with BIGIP version 16.1" when import on the newer F5. I noticed there is a file calledng-export.conf inside the exported .tar file. Can I modify the following setting to correct version like this? I'm not sure if there will be bunch of other settings that may be not compatible between version. #F5[Version:15.1] #F5[Build:15.1.10.3-0.0.12.0] To #F5[Version:16.1] #F5[Build:16.1.5-0.0.3.0] Have anyone done like this before?
