APM SSO Between NTLM and Forms Based
HI All, I’ve been struggling to get this working and could use some insight. Here’s my setup: I have three applications under the same mycompany.com domain, each with its own virtual server and access policy, all in the same partition. All three currently use NTLM v2 authentication on the application side. Two of them (APP1 and APP2) have full LTM+APM policies with login pages and AD authentication. The third (APP3) uses SSO only. Right now, they all share the same NTLM SSO profile, and everything runs perfectly. To access APP3, if there’s no active APM session, the user is redirected to APP1, logs in there, and then clicks a link to reach APP3 without reauthenticating. Now, APP3 (which is SSO-only) is switching from NTLM to forms-based authentication. For my proof of concept, I replaced the NTLM SSO profile in APP3’s AP policy with a forms SSO profile. However, I can’t get the login to APP3 to work. Instead of getting logged in to the application I get forms authentication page presented to me. In fact, APP3’s web server logs don’t even show any POST requests from APM attempting to submit credentials. APM log does not seem to reveal anything in debug mode. It only shown APP1 access policy being processed but the second you click on the app it records nothing SSO related. Any advice is greatly appreciated. Thanks, Alex
Kerberos SSO failed for Microsoft Remote Desktop Services
I’m trying to setup Kerberos SSO for Remote Desktop using smartcard and the SSO is not working. After authenticated via F5 against LDAP server and validated, I see icons populated from MS Remote Desktop Web Access, however when I clicked on the icons, it prompted for AD username/password. I know the Kerberos is working because I can see it’s obtained Kerberos tickets in the logs. S4U ======> OK! So I know the Kerberos is working but not able to provide SSO. F5 APM v13 Microsoft Windows 2016; MS RDS Web Access For Remote Desktop profile, I enabled both Single Sign-on and Standalone Client Settings. Any idea?
Using "table" iRule command inside the ACESS_SESSION_CLOSED APM event
Hello everyone, I'm in version 13.1.0.2 and I'm facing an issue when using the "table" iRule command with the ACCESS_SESSION_CLOSED event : This is an LTM+APM deployement (web application access) I have an empty access policy ( start --> allow ) I have associated the following iRule to the virtual server : when ACCESS_SESSION_STARTED { if { [table lookup "toto"] != "" } { log local0. "found !" } else { log local0. "not found !" } } when ACCESS_SESSION_CLOSED { table set "toto" "myData" 1800 log local0. "adding toto to the shared table !" } I noticed that whenever I kill a perticular session and re establish a new session, the entry is never found in the table (I have choosen a 30min timeout so that I can easly disconnect and reconnect without having the entry times out) After further testing I noticed that whenever I use the "table" command in the ACCESS_SESSION_CLOSED , this entry is deleted right after the session is closed. I found this article K58224211 which describe a known bug, however it should be fixed since version 12.0.0. (btw I also performed the same test in 12.1.2 and 12.1.3 with the same result) am I missing somehting in my iRule ? or did I just hit a new bug ? Any help would be apriciated many thanks,
Big-Ip Edge Client specials characters problems
Hello, I have installed the big-ip edge client version 7.2.4.5 with APM modern and I have some problem with specials characters in FRENCH as shown on the screenshot. What do I need to do ? I tried to modify the text on the general customization but I got an script error after that. Regards, Miguel Campos
URL Filtering vs SWG
Hi, I tried to find some more precise info about two additional features provided by SWG license (in compare to URL Filtering license) but there is not a lot available. According to my knowledge SWG license is offering two additional features not present in URL Filtering: Malware detection and protection Real-Time content classification It seems that both services are based on Websense technology but what exactly they provide and how they work? Is there a way to turn on/off above, any configuration? Will appreciate pointing me to some more in depth docs or sharing some real life experiences with those functions. Piotr
