APM replacing ADFS proxy 3.0 : different behavior based on user agent value
Hi, I am deploying F5 APM as ADFS proxy using deployment guide v1.4. I configured AD auth and NTLM SSO. When authenticating with Firefox, SSO does not work and the ADFS server requests form-based authentication (it is my default test browser and I did not try with IE). I searched on DevCentral if there is anything else to configure to support ADFS 3.0. I found this article about configuring form-based authentication on the ADFS server. To support ADFS proxy for any browser, I customized the iRule provided in the deployment guide like that:

```tcl
when HTTP_REQUEST {
    set keepua 0

    # For external Lync client access all external requests to the /trust/mex URL
    # must be routed to /trust/proxymex. Analyze and modify the URI where appropriate
    HTTP::uri [string map {/trust/mex /trust/proxymex} [HTTP::uri]]

    # Analyze the HTTP request and disable access policy enforcement for WS-Trust calls
    if {[HTTP::uri] contains "/adfs/services/trust"} {
        ACCESS::disable
        set keepua 1
    }

    # OPTIONAL ---- To allow publishing of the federation service metadata
    if {[HTTP::uri] ends_with "FederationMetadata/2007-06/FederationMetadata.xml"} {
        ACCESS::disable
        set keepua 1
    }

    # Replace the client User-Agent by one the ADFS server accepts for NTLM auth
    if { !($keepua) } {
        HTTP::header replace "User-Agent" "Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko msie7"
    }
}
```

It replaces the client User-Agent by one supported by the ADFS server for NTLM auth. Am I the first who gets this error? Is there a better solution to solve this issue?

Regards,
Stanislas
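The following is an added offline model of the decisions the posted iRule makes (URI rewrite, access-policy bypass, User-Agent substitution); it is not F5 code and not part of the original post. The sample requests and User-Agent strings are constructed, and Tcl `contains`/`ends_with` are modelled as Python substring and suffix checks.

```python
from dataclasses import dataclass

# User-Agent the iRule substitutes so ADFS offers NTLM instead of forms auth
SPOOFED_UA = "Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko msie7"


@dataclass
class Decision:
    uri: str               # URI after the /trust/mex -> /trust/proxymex rewrite
    access_enforced: bool  # False wherever the iRule would call ACCESS::disable
    user_agent: str        # User-Agent the ADFS server will actually receive


def handle_request(uri: str, user_agent: str) -> Decision:
    """Reproduce the iRule's HTTP_REQUEST logic for one request."""
    # Step 1: same string map as the iRule; applied before the WS-Trust check,
    # so /adfs/services/trust/mex still matches after being rewritten.
    uri = uri.replace("/trust/mex", "/trust/proxymex")
    keep_ua = False
    access_enforced = True

    # Step 2: WS-Trust calls bypass the access policy and keep their own UA
    if "/adfs/services/trust" in uri:
        access_enforced = False
        keep_ua = True

    # Step 3 (optional in the iRule): federation metadata is published
    # without APM enforcement. ends_with is a suffix match on the full URI,
    # so a query string appended to the metadata URL no longer matches.
    if uri.endswith("FederationMetadata/2007-06/FederationMetadata.xml"):
        access_enforced = False
        keep_ua = True

    # Step 4: every other request gets the NTLM-friendly User-Agent
    if not keep_ua:
        user_agent = SPOOFED_UA
    return Decision(uri, access_enforced, user_agent)


if __name__ == "__main__":
    # Constructed sample requests: a Firefox logon, a Lync WS-Trust call,
    # and two metadata fetches (with and without a query string).
    for uri, ua in [
        ("/adfs/ls/?wa=wsignin1.0", "Mozilla/5.0 (X11; Linux x86_64) Firefox/40.0"),
        ("/adfs/services/trust/mex", "Lync/15.0"),
        ("/FederationMetadata/2007-06/FederationMetadata.xml", "curl/7.0"),
        ("/FederationMetadata/2007-06/FederationMetadata.xml?v=1", "curl/7.0"),
    ]:
        print(handle_request(uri, ua))
```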