APM
65 Topics

APM URL Branching tolower
Hello Folks,

Situation is: I've a Per-Request-Policy with URL Branching for specific URLs to activate 2FA. -> this is working.

Problem: URL Branching is only working with exactly matching URIs => case sensitive, e.g.

URL Branch: /path/path123
-> incoming request -> /path/path123/ -> 2FA working
-> incoming request -> /path/Path123/ -> 2FA is bypassed

Is there any possibility in APM to change all incoming requests to lower case with a built-in function (only for URL Branch checking)? Current workaround would be an iRule to convert all URIs to lower case. I have no idea whether this is always a good idea (maybe the backend can't handle case-insensitive paths).

Thanks a lot.
R.

Solved | 44 Views | 0 likes | 2 Comments

APM Access Policy|SSLVPN | SAML auth questionnaires
Hello All,

I had a conversation with the tech team; they are asking about APM login auth via SAML. We are deploying SSLVPN and we have specific EPS checks and MFA. I have confirmed that in such an approach we can't auth login via SAML, as it is in the end a web-based auth for web services. Our deployment is based on the edge client and we have a security posture to append. I'm totally aware of such a point; however, we are in brainstorm mode here for such a discussion. Any expert had any update or idea here? It was long time no see, and I'm glad to return back delivering for the community.

Thank you.

Solved | 65 Views | 0 likes | 2 Comments

PKI PIN works for users from one network, not the other.
We have external users and internal users accessing a virtual server. It's fronted by an APM policy, that asks for the DoD PKI/pin, does an OCSP check, LDAP check, and then sends users on their way to LTM. (there's no SSO, or anything involved) When being load balanced to the application, the end application prompts the users for their PKI/PIN at the app again for access. For the internal network users, this works. For the external network users, their PIN is not being accepted. Is there something I'm missing on the F5 side of things? I even disabled APM for that FQDN through the VS and it still has the same result.

37 Views | 0 likes | 2 Comments

Horizon View iApp - Big-IP 17.5
I have a client deploying an r4650 pair. The plan is for it to handle Exchange, LDAPS & Horizon View. I'm in the process of initial setup on the pair of boxes now. It's been a long time since I've deployed Horizon View on F5. I see that the iApp is still maintained so yay!

Question: is the current 1.5.9 version of the iApp supported in Big-IP 17.5? The KB article states 17.1 but the article hasn't been updated in a while. F5 recommends the latest version of 17.5 but I don't want to hit any snags as we deploy.

Thanks in advance,
Matt

61 Views | 0 likes | 1 Comment

Sharing User Credentials Between SAML IDP and SP Policies in F5 APM
In F5 APM environments with one SAML Identity Provider (IDP) and multiple Service Providers (SPs), SP policies may need access to user credentials (like passwords) for SSO mechanisms such as NTLM or RDP. Since SAML doesn't transmit passwords, this solution enables secure credential sharing by storing the password in a custom session variable on the IDP side and passing the IDP session ID to the SP as a SAML attribute. An iRule on the SP side then uses this session ID to retrieve the password from the IDP session, making it available for SSO credential mapping. This approach maintains security by avoiding password exposure in the SAML assertion and leverages internal session sharing between policies.

216 Views | 2 likes | 0 Comments

issue with shared APM error messages
I am wondering if there is a solution for this - We have several types of login pages in one policy - for instance: user and password form and an OTP code form and a google auth form. I was asked to customize the error message for wrong user or password. Unfortunately they all share the same AAA error section: "incorrect user or password"... but as you can understand - I don't have a user in the OTP or GA sections and would like a way to have a separate error per logon page - any ideas?

Thanks
Vered

36 Views | 0 likes | 2 Comments

APM logon customization
Hi all,

Would someone be able to help me with customizing the APM logon page to something like the below picture. I have an HTML code for my display but struggling to understand the format of the APM_FILL.CSS file where these settings are stored. Is there a section in there that is dedicated for HTML or does it require another language? Any guidance is appreciated.

Admin update: adding image inline for simplicity

65 Views | 0 likes | 2 Comments

BIG-IP Oauth Client and AS
Dear Community

After days of troubleshooting I'm out of luck with my configuration. I've followed the following guides and documentation to configure two Virtual Servers with APM (Client/RS and AS) on the same BIG-IP.

https://my.f5.com/manage/s/article/K14391041
Implementing basic OAuth with F5 BIG-IP APM

After failing with the manual configuration I've also implemented the same basic concept with the two Guided Configurations "OAuth Authorization Server" and "F5 as OAuth Client and Resource Server". Both virtual servers have different publicly resolvable hostnames.

My issue exists during the following test:

- Accessing the first VS with APM Policy OAuth Client gets redirected to second VS (Oauth AS)
- Login with AD Credentials (successful)
- Website is stuck after the Client is doing a /GET to https://hostname2.domain.ch/oauth/client/redirect?code=xxx123&state=yyy

APM in Debug logs the following error: 'Invalid json' and 'Failed to perform curl: Failure when receiving data from the peer'

I can see a "Requesting new token for server" and also issued Auth Codes, but never seen Issued Access Tokens. My test was done from a browser and also from Postman (same as in the guide).

Do you have any hints where my problem could be or if there is a Known Issue with the Version 17.1.2.1? I appreciate everyone's help!

98 Views | 0 likes | 2 Comments