Forum Discussion
By "use them for APM", what do you mean exactly? Not sure if you're talking about use in SSO (apm authenticates on behalf of the user) or use in AAA (apm checks user's credentials against an authentication server).
AAA must happen during access policy evaluation (before user hits Allow or Deny or Redirect ending in VPE).
SSO must happen after access policy evaluation (after user hits Allow or Deny or Redirect ending in VPE).
If you could more fully explain your use case, it would help. If you're not sure about your client device's interaction or what browser / app / etc you're using, you may need to perform decrypted packet captures using SSLDump. There are detailed instructions about how to do that here:
https://support.f5.com/kb/en-us/solutions/public/10000/200/sol10209.html