Forum Discussion
How to configure AD credential passthrough with F5
I am trying to configure a secure way to access a mobile application on one of our DMZ webservers. The mobile application requires an AD account and password and I don't find it secure enough to open LDAP in my firewall. Is there a secure way with F5 that I can authenticate against AD and pass through the credentials to the mobile credential page? In addition, the web URL needs to become a /xxx once authenticated. Any help would be greatly appreciated.
5 Replies
- R_Marc
Nimbostratus
That can be managed via APM. https://devcentral.f5.com/wiki/APM.HomePage.ashx
- Danmau_178060
Nimbostratus
Thanks for your quick answer, I have configured through APM our Login page, AD authentication with our AD server followed by SSO. However, I am having difficulty with the redirect to /xxx. If I create an iRule, the iRule kicks in before my login page. So not sure where to redirect to /xxx.
- R_Marc
Nimbostratus
I believe you can put an iRule in your APM policy, so that it's part of the flow. You could also put a conditional in your iRule to take into consideration the current APM status. https://devcentral.f5.com/wiki/iRules.APM.ashx
- Danmau_178060
Nimbostratus
All right, I think I am almost there. I was able to add the redirect in my APM policy after my SSO, but I may have another issue. My redirect points to my DMZ server, and even though I have removed the check box for "do not close my session" in my APM policy, I seem to get out of my virtual server and end up directly in my web server. This causes my SSO not to pass my credentials over. Or at least that is my theory. How do I stay in my virtual server?
- R_Marc
Nimbostratus
It's quite likely a 301/302 redirect coming from your backend server. You could address that by adding some rewrite policies, or deal with it in your iRule.
You could add some logging to your iRule to see what the backend is returning:
when HTTP_RESPONSE {
    foreach aHeader [HTTP::header names] {
        log local0. "$aHeader: [HTTP::header value $aHeader]"
    }
}
Presumably it's sending a location header, which you could just modify with a string map.
HTTP::header replace Location [string map {something somethingelse} [HTTP::header Location]]
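The two snippets above combined into one iRule, as an added example that is not part of the original reply: it logs and rewrites the Location header only when the backend answers with a redirect, so the client stays on the virtual server and the APM session and SSO remain in the path. The hostname `backend.dmz.example` is a placeholder for whatever name the logging shows the backend returning.

```tcl
when HTTP_REQUEST {
    # Remember the host name the client used to reach the virtual server.
    set vs_host [HTTP::host]
}

when HTTP_RESPONSE {
    # Only act on redirects (3xx) that actually carry a Location header.
    if { [HTTP::is_redirect] && [HTTP::header exists Location] } {
        set loc [HTTP::header value Location]
        log local0. "Backend redirect [HTTP::status], Location: $loc"

        # backend.dmz.example is a placeholder (assumption): replace it with
        # the internal host name seen in the log line above.
        set new_loc [string map -nocase [list "backend.dmz.example" $vs_host] $loc]

        # Rewrite only when the backend name was present, and log the change
        # so the before/after values can be compared in /var/log/ltm.
        if { $new_loc ne $loc } {
            HTTP::header replace Location $new_loc
            log local0. "Rewrote Location to: $new_loc"
        }
    }
}
```

Once the rewrite is confirmed, the log lines can be removed to keep internal host names out of the logs.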
