Forum Discussion

Nuruddin_Ahmed_
Mar 16, 2016

APM Basic Authentication giving 401 Authorization error

Hi,

 

We have an IIS-based application which is working fine within our LAN and through a different load balancer from the internet. Authentication works well with the existing load balancer. We are trying to migrate this portal to F5, and basic authentication would be done on F5. Authentication works well on F5, but we get an Unauthorized/401 error page when we try to access it. The server is doing restriction for authentication & authorization based on an AD group. Authentication via F5 works well but fails for authorization.

 

 

Also, we have an iRule for this VS to pass the authentication:

 

when ACCESS_ACL_ALLOWED {
    set sessionid [ACCESS::session data get "session.user.sessionid"]
    HTTP::header insert APM_session $sessionid
}

 

Any clue/suggestions, as I am working on APM for the first time?

 

Thanks

 

4 Replies

  • MEmin

    Hi Nuruddin, I think you should put the "Full Resource Assign" item after "SSO". BR

     

  • Based on your question it appears that you are using a basic logon page / AD Auth on the APM, but when the traffic is allowed from APM and goes to the web app you are getting a 401 from the web app? Do you have SSO configured for this access policy? You should be able to configure Basic auth in SSO, and then when the APM sees the 401 it will respond with the creds needed to authenticate on the backend.

     

    Seth

     

  • Hi Cooper, we have configured SSO and are inserting the domain name in variable assign (which I distorted in the image).

     

     

     

    • Nuruddin_Ahmed_
      Just checked the back-end server logs: F5 is not passing the credentials to the server (username is '-'), while when we disable the APM it works fine (authenticated by the back-end server directly). Not sure what needs to be checked here :(
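
A way to check the symptom described in the last reply, as an added example that is not part of the original thread: it reads IIS W3C extended log text and counts 401 responses per client IP, separating requests logged with no username ('-') from requests logged with one. It assumes the back-end site logs the cs-username, c-ip and sc-status fields; the log lines, usernames and addresses are constructed, with 10.0.0.5 standing in for the address the server sees for the BIG-IP.

```python
from collections import Counter

# Constructed sample in IIS W3C extended log format (not from the thread).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status
2016-03-16 09:00:01 GET /portal/ - 10.0.0.5 401
2016-03-16 09:00:02 GET /portal/ jdoe 10.0.0.9 200
2016-03-16 09:00:05 GET /portal/ - 10.0.0.5 401
#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status
2016-03-16 09:01:07 10.0.0.5 asmith GET /portal/home.aspx 401
2016-03-16 09:01:09 10.0.0.7 - GET /portal/ 200
"""


def parse_w3c(text):
    """Yield one dict per request, following the most recent #Fields line."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            # The field list can change mid-file when logging is reconfigured.
            fields = line.split()[1:]
        elif not line or line.startswith("#"):
            continue
        else:
            values = line.split()
            if fields and len(values) == len(fields):  # skip truncated rows
                yield dict(zip(fields, values))


def summarize_401(text):
    """Count 401 responses per (client IP, whether a username was logged)."""
    counts = Counter()
    for row in parse_w3c(text):
        if row.get("sc-status") != "401":
            continue
        kind = "no_username" if row.get("cs-username", "-") == "-" else "with_username"
        counts[(row.get("c-ip", "?"), kind)] += 1
    return counts


if __name__ == "__main__":
    for (ip, kind), n in sorted(summarize_401(SAMPLE_LOG).items()):
        print(f"{ip}  {kind:13}  {n}")
```

Running the same count with the access policy enabled and then disabled shows whether the 401s arriving from the BIG-IP address carry a username at all.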