Use this iApp template for configuring standard load balancing, monitoring and TCP optimization for Microsoft Active Directory Federation Servers (AD FS and AD FS Proxy). If APM is provisioned, the template should support configuring pre-authentication for ADFS servers running in Windows Authentication mode. Minimum required BIG-IP version: 11.2.
If you are deploying APM for authentication proxy to AD FS services, you must enable Windows Authentication in the Intranet section of the AD FS Global Authentication Policy.
Added support for ADFS 4.0.
Made 49443 device registration/certificate authentication objects optional via a question.
Made the ADFSPIP iRule automatic, but only when APM is set to yes.
Added support for an existing APM profile to be selected from within the iApp.
Added forms SSO for the /adfs/ls endpoint into the iApp via a question.
Fixed an "app_health__frequency variable not found" issue when using a custom monitor.
Added an option, shown when a custom pool is chosen AND certificate authentication/device registration is set to yes, for selecting which pool to use for cert auth/device registration (as the ports would be different).
Added certificate auth objects (49443) and MS-ADFSPIP headers iRule.
Added iRule to disable APM for MS Federation Gateway endpoint(s).
Fixed an "iapp::template_start" error when importing the template.
Fixed a "runtime exceeded" error caused by incorrect syntax in the external SNI monitor.
Corrected external monitor cURL command to fix issue with pool members being marked down incorrectly.
Added support for FastL4 deployment.
Fixed issue with broken APM Quick Start page previews.
Changes to external monitor script: removed verbose flag; corrected output redirection.
Fixed an issue with the associated cli script that could prevent users from importing iApp templates.
Official release of 1.0.0.
The official F5 supported version of this iApp is now on downloads.f5.com. See https://support.f5.com/kb/en-us/solutions/public/17000/000/sol17041.html for information. For the associated Deployment Guide, see http://www.f5.com/pdf/deployment-guides/microsoft-adfs-dg.pdf.
Has anyone come across an issue where, when you select to use an existing access policy, the F5 doesn’t return the response to the client?
We have the iApp deployed on v11.4.1.
If we select no APM, then disable strict updates and manually apply our existing AP it works!?!?
In my opinion the Network part "Which VLANs transport client traffic?" isn't working correctly.
If I'm selecting "no VLANs", no VLANs are selected in the Virtual Server, too. In the description it is written:
"If you do not move any VLANs to the Selected box, the BIG-IP system accepts traffic from all VLANs"
- That's wrong!
Further, I cannot add any Connectivity Profile to the Virtual Server VLAN Section. The result is that VPN Access to the VIP is not working.
We have the same problem with the iApp. VLAN selection does not include connectivity profiles needed for VPN access. Moving no VLAN into the box does only use 'all VLANs' but not any CP.
Any chance for implementing the CPs to the selection?