Forum Discussion

Dev_56330's avatar
Dev_56330
Icon for Cirrus rankCirrus
Jun 09, 2015

VMware View with CAC Authentication Failing

I have just deployed a VMware View 6.2 using the F5 Big IP View iApp on my 11.6 HF1 Big IP. However, when launching the view client and attempting to authenticate I am prompted with username and password versus token pin. When going directly to the View Broker I receive the expected result of being prompted for a token pin versus username and pw. I am not enabling APM but my expectations are that I do not need APM to utilize token log in if all users sit on the LAN. Other than that my settings are below.

 

Settings

 

Basic - Use F5's recommended settings Do not deploy BIG-IP Access Manager SSL Bridging No, PCOIP connections should not go through the BIG-IP system Service Port 443 Do not compress HTTP responses Create a simple health monitor 30 seconds pass between health checks

 

APM
application delivery
deployment
devops
iApps
LTM
security

3 Replies

Sort By
  • Dev_56330's avatar
    Dev_56330
    Icon for Cirrus rankCirrus
    Jun 10, 2015
    Just another note. I am not looking to have the Big IP perform the authentication but rather still have the broker perform authentication. Can I not use a Standard Virtual Server without APM and still use CAC/token authentication? A Fast Layer 4 profile works just fine but when converting to a standard VS using the View iApp is when I stop getting prompted for CAC/Token credentials.
  • Ed_Summers's avatar
    Ed_Summers
    Icon for Nimbostratus rankNimbostratus
    Jun 11, 2015
    I haven't used the iApp to set up this type of service, but wanted to verify you are operating in an "SSL pass-through" mode rather than off-load or another method...? My understanding is that, unless you are utilizing functions of APM or the (limited?) capability of 'Proxy SSL', the SSL/TLS session must terminate directly on the back-end server. Hope this helps somewhat? -Ed
  • MichaelatF5's avatar
    MichaelatF5
    Icon for Employee rankEmployee
    Jul 07, 2015

    Have you spoken with your Federal account team? There are a lot of caveats and gotchas that we can talk to you about to help clear some of this up that DC doesn't really allow us to share.

     

    If you don't know who your account team is, you can email Federal [at] F5.com and get connected.