F5 ADFS Deployment
Hi all
I'm currently deploying F5 LTM+APM to facilitate SSO for Office 365 and a few other applications that are tied into the ADFS infrastructure.
I followed several deployment guides and the solution is 90% working! Users trying to sign into Office 365 are redirected to the APM login page fine and can authenticate, SSO credentials are passed to the ADFS farm and users are redirected to their mailbox.
When accessing another resource such as ServiceNow they are automatically logged in. All well and good. When we went live the connection count spiked and they hit the CCU limit even though there aren't over 5000 users.
We reduced the idle timeout on the access policy to 10 seconds as recommended in the deployment guide, as it seems there were a number of connections coming from Microsoft IP addresses stacking up and consuming the access policy sessions.
Now when successfully authenticating to O365 and then accessing the other resource after a few minutes they are getting re-prompted on the APM. It was my understanding that the users should receive a cookie from the ADFS farm which allowed them to access all resources in the federation and only when the cookie wasn't present redirect them to the APM.
Have I missed something? Is the APM masking the federation cookie and it's being removed after the timeout?
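The trade-off described in the post (a long idle timeout lets many short-lived service connections hold APM session slots, a very short one expires interactive browser sessions) can be made visible from session records. The following is an added example, not code from the post or from F5: it models session lifetime as last activity plus the idle timeout, sweeps the start/end events to find the peak number of concurrent sessions, and breaks the peak down by a rough client class (browser user agent versus a placeholder "service" address range). The record format, the sample records, and the 203.0.113.0/24 range are all constructed for this illustration; the classification rule is an assumption, not an APM feature.

```python
"""
Added example (not from the original post or from F5): estimate peak
concurrent APM sessions from constructed session records under different
idle timeouts, grouped by client class, so that session exhaustion can be
traced to the clients that cause it.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

# Constructed placeholder range standing in for non-interactive "service"
# traffic (documentation range, not a real Microsoft range).
SERVICE_RANGES = [ipaddress.ip_network("203.0.113.0/24")]


@dataclass(frozen=True)
class SessionRecord:
    start: int          # seconds (constructed, relative to an arbitrary origin)
    last_activity: int  # time of the last request seen on the session
    src: str            # client IP address
    user_agent: str     # User-Agent header as logged


def classify(rec: SessionRecord) -> str:
    """Rough client class: address-range match first, then user agent (assumed rule)."""
    ip = ipaddress.ip_address(rec.src)
    if any(ip in net for net in SERVICE_RANGES):
        return "service"
    if "Mozilla" in rec.user_agent:
        return "browser"
    return "other"


def peak_concurrency(intervals: Iterable[Tuple[int, int]]) -> int:
    """Sweep-line over (start, end): +1 at start, -1 at end, return the maximum."""
    events: List[Tuple[int, int]] = []
    for start, end in intervals:
        events.append((start, 1))
        events.append((end, -1))
    # Sort ends (-1) before starts (+1) at equal timestamps so a session that
    # expires exactly when another begins is not double counted.
    events.sort(key=lambda e: (e[0], e[1]))
    current = peak = 0
    for _, delta in events:
        current += delta
        peak = max(peak, current)
    return peak


def summarize(records: Iterable[SessionRecord], idle_timeout: int) -> Dict[str, int]:
    """Peak concurrent sessions overall and per client class for one idle timeout.

    A session is modelled as occupying a slot from its first request until
    last_activity + idle_timeout, which is when APM would reap it as idle.
    """
    recs = list(records)
    by_class: Dict[str, List[Tuple[int, int]]] = {"browser": [], "service": [], "other": []}
    for r in recs:
        by_class[classify(r)].append((r.start, r.last_activity + idle_timeout))
    result = {cls: peak_concurrency(ivs) for cls, ivs in by_class.items()}
    result["total"] = peak_concurrency(
        (r.start, r.last_activity + idle_timeout) for r in recs
    )
    return result


def sample_records() -> List[SessionRecord]:
    """Constructed sample: three interactive users plus a burst of short service hits."""
    browsers = [
        SessionRecord(0, 60, f"198.51.100.{i}", "Mozilla/5.0 (Windows NT 10.0)")
        for i in range(1, 4)
    ]
    # Twenty connections, one every 30 s, each active for only 2 s.
    service = [
        SessionRecord(30 * i, 30 * i + 2, "203.0.113.10", "Microsoft Office/16.0")
        for i in range(20)
    ]
    return browsers + service


if __name__ == "__main__":
    for timeout in (900, 10):
        print(f"idle timeout {timeout:>4}s ->", summarize(sample_records(), timeout))
```

With the constructed data, a 900 s idle timeout lets the twenty short service hits pile up into twenty concurrent sessions, while a 10 s timeout keeps them to one at a time but also expires the interactive sessions shortly after their last request, which matches the two symptoms the post describes. Running the same summary over real session start and last-activity times, with the classification rule replaced by whatever distinguishes the relevant clients in your logs, shows which class is actually consuming the CCU pool before the timeout is changed.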