Placing APM in front of SharePoint 2010

Question

All,&nbsp;
&nbsp;Having some difficulties in getting APM to work with Sharepoint 2010. This is on a F5 running latest 11.1 version.&nbsp;
&nbsp;The APM bit to collect username and password and authenticating to our AD server works fine. The problem is that Sharepoint is insisting on asking for its own Form based authentication credentials as well - we want to use SSO.&nbsp;
&nbsp;I have tried basic, ntlm's and form based SSO - none of them seem to want to work.&nbsp;
&nbsp;I am no expert in Sharepoint, but I have been assured that using the Forms based authentication is required as Basic authentication wont work with an external LDAP provider.&nbsp;
&nbsp;The Form that Sharepoint presents has silly field names like:
&nbsp;  ctl00$PlaceHolderMain$signInControl$login
&nbsp;  ctl00$PlaceHolderMain$signInControl$UserName
&nbsp;  ctl00$PlaceHolderMain$signInControl$password&nbsp;
&nbsp;When plug these into the SSO and try to connect I can see from a network snoop that Sharepoint is just sending back the logon form again - no reason why it is rejecting it.&nbsp;
&nbsp;I suspect that it requires some extra hidden fields or cookies to work - but how do I work out what?&nbsp;
&nbsp;As a debugging tool I am trying commands like this from the F5 console:
&nbsp;  curl --trace - -d 'ctl00$PlaceHolderMain$signInControl$login=Sign%20In' -d 'ctl00$PlaceHolderMain$signInControl$UserName=wilsonjp' -d 'ctl00$PlaceHolderMain$signInControl$password=BOGUS' http://spointextweb/_forms/default.aspx&nbsp;
&nbsp;Anybody have any ideas? We have SSO working with Apache, Tomcat, Weblogic, etc - this is the first Sharepoint deployment.&nbsp;
&nbsp;Thanks for any assistance!&nbsp;
&nbsp;Jason&nbsp;

mikeshimkus_111 · Answer

hi Jason, our guidance for using SharePoint with an SSO in APM requires setting the SharePoint servers to NTLM authentication.  I don't believe we have anything yet for using a forms-based SSO, but I will double-check.  Is it possible to change the authentication mode on your SharePoint farm?

jason_46956 · Answer

Thanks for the advice. 
&nbsp;  
&nbsp; After much effort I have managed to get the business o rebuuld heir SharePoint and configured it to use NTLM based authentication - this is now working well with SSO. 
&nbsp;  
&nbsp; The next problem comes when they wish to use the 'feature' of allowing users to download, for example, a Microsoft Word document and edit he document. Internet Explorer offloads the downloading to Word, which when it hits the APM module fails as it doesn't seem to understand cookies and web logon forms. 
&nbsp;  
&nbsp; I am trying to find some information on how Microsoft handles passing authentication credentials between IE and Word - does anybody have any idea? 
&nbsp;  
&nbsp; Jason

michael_koyfma1 · Answer

Jason, 
&nbsp;  
&nbsp; Assuming you are still running v11.1, just check Persistent cookie option under SSO/Auth tab of the Access Policy, and you should be good to go.

jason_46956 · Answer

Michael,&nbsp;
&nbsp;Thanks for that - did the trick. Customer is now happy (always a good sign!).&nbsp;
&nbsp;Jason&nbsp;

inno · Answer

Hi, &nbsp;
I was able to make any form of SSO work well with Sharepoint 2010 and 2013 : NTLM, Kerberos, and Form-Based with 11.4.x. For this last one, you have to use the Form-Based Client Initiated. Be careful though, using this feature can make a TMM core occur. Opened a support ticket with F5, they were able to identify a bug, and recently provided us an engineering hotfix which correct that (among 300+ other bugs).&nbsp;

Forum Discussion

Placing APM in front of SharePoint 2010

8 Replies

Recent Discussions

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Stable Firmware for F5

Related Content

Placing BIG-IP DNS in front of a Pool of DNS Servers

Perform out-of-place upgrade of vCMP guests via Ansible

APM Sharepoint authentication

APM Sharepoint authentication v2

iRule for migrating to Sharepoint Online