APM - SSO Password Empty

Question

This is going through the Edge Portal app.  I have tested the process on Android and iOS and receive the same results.  I get to the login page, I enter my AD credentials and then does a SSO mapping to have access to our Intranet Sharepoint page.
I have tried both NTLMv1/2 on the portal resource + Access Policy SSO/Auth section.
User logs in with their AD credentials and also does a query lookup to make sure they are in the right security group to be able to get on the portal.
All of this is working fine and I am getting passed through my access policy successfully.  It keeps failing on the SSO part.  I have the variables for NTLMv1/2 and SSO Credential mapping set to session.logon.last.username/password and they match.
When I open the Edge Portal application, I enter my credentials and then I get another login screen wanting credentials and won't let me through.  I turned debug on for SSO and I receive the following:
Nov 25 10:50:01 DC-LTM01 debug websso.2[17219]: 014d0001:7: ssoMethod: ntlmv2 usernameSource: session.logon.last.username passwordSource: session.logon.last.password ntlmdomain: abc.com
Nov 25 10:50:01 DC-LTM01 debug websso.2[17219]: 014d0001:7: ctx: 0x938f7e0, CLIENT: TMEVT_REQUEST
Nov 25 10:50:01 DC-LTM01 debug websso.2[17219]: 014d0001:7: ctx: 0x938f7e0, CLIENT: TMEVT_REQUEST_DONE
Nov 25 10:50:01 DC-LTM01 debug websso.2[17219]: 014d0001:7: ctx: 0x938f7e0, CLIENT: TMEVT_SESSION_RESULT
Nov 25 10:50:01 DC-LTM01 debug websso.2[17219]: 014d0001:7: ctx: 0x938f7e0, CLIENT: TMEVT_SESSION_RESULT
Nov 25 10:50:01 DC-LTM01 err websso.2[17219]: 014d0027:3: 539db945: Could not find SSO password, check SSO credential mapping agent setting
Nov 25 10:50:01 DC-LTM01 err websso.2[17219]: 014d0028:3: 539db945: Master Decyrpt failed for ckDecrypt: Ciphertext does not begin with master key prefix
Nov 25 10:50:01 DC-LTM01 debug websso.2[17219]: 014d0001:7: ctx: 0x938f7e0, CLIENT: TMEVT_SESSION_RESULT
Nov 25 10:50:01 DC-LTM01 debug websso.2[17219]: 014d0001:7: ctx: 0x938f7e0, CLIENT: TMEVT_SESSION_RESULT
Nov 25 10:50:01 DC-LTM01 debug websso.2[17219]: 014d0001:7: ctx: 0x93d0fb0, SERVER: TMEVT_REQUEST
Nov 25 10:50:01 DC-LTM01 debug websso.2[17219]: 014d0001:7: ctx: 0x93d0fb0, SERVER: TMEVT_RESPONSE
Nov 25 10:50:01 DC-LTM01 debug websso.2[17219]: 014d0001:7: 14 headers received
Nov 25 10:50:01 DC-LTM01 debug websso.2[17219]: 014d0001:7: http header *[:status][401 Unauthorized] (len=16)
Nov 25 10:50:01 DC-LTM01 debug websso.2[17219]: 014d0001:7: http header *[WWW-Authenticate][NTLM] (len=4)
Nov 25 10:50:01 DC-LTM01 debug websso.2[17219]: 014d0001:7: http header  [X-MS-InvokeApp][1; RequireReadOnly] (len=18)
Nov 25 10:50:01 DC-LTM01 debug websso.2[17219]: 014d0001:7: http header  [SPRequestGuid][209dcf9c-7b22-5094-e8d9-46722c6846ee] (len=36)
Nov 25 10:50:01 DC-LTM01 debug websso.2[17219]: 014d0001:7: http header  [MicrosoftSharePointTeamServices][15.0.0.4569] (len=11)
Nov 25 10:50:01 DC-LTM01 debug websso.2[17219]: 014d0001:7: http header  [X-Powered-By][ASP.NET] (len=7)
Nov 25 10:50:01 DC-LTM01 debug websso.2[17219]: 014d0001:7: http header  [SPIisLatency][0] (len=1)
Nov 25 10:50:01 DC-LTM01 debug websso.2[17219]: 014d0001:7: http header  [Content-Type][text/plain; charset=utf-8] (len=25)
Nov 25 10:50:01 DC-LTM01 debug websso.2[17219]: 014d0001:7: http header  [Content-Length][16] (len=2)
Nov 25 10:50:01 DC-LTM01 debug websso.2[17219]: 014d0001:7: http header  [Date][Tue, 25 Nov 2014 15:50:01 GMT] (len=29)
Nov 25 10:50:01 DC-LTM01 debug websso.2[17219]: 014d0001:7: http header  [request-id][209dcf9c-7b22-5094-e8d9-46722c6846ee] (len=36)
Nov 25 10:50:01 DC-LTM01 debug websso.2[17219]: 014d0001:7: http header  [X-Content-Type-Options][nosniff] (len=7)
Nov 25 10:50:01 DC-LTM01 debug websso.2[17219]: 014d0001:7: http header  [Server][Microsoft-IIS/8.5] (len=17)
Nov 25 10:50:01 DC-LTM01 debug websso.2[17219]: 014d0001:7: http header  [SPRequestDuration][2] (len=1)
Nov 25 10:50:01 DC-LTM01 info websso.2[17219]: 014d0014:6: 539db945: Found HTTP 401 response for SSO configuration '/Common/sso_ntlmv2' type:'ntlmv2'
Nov 25 10:50:01 DC-LTM01 debug websso.2[17219]: 014d0001:7: www-authenticate header: NTLM
Nov 25 10:50:01 DC-LTM01 debug websso.2[17219]: 014d0001:7: ntlm auth: 0, ntlm state: 0
Nov 25 10:50:01 DC-LTM01 debug websso.2[17219]: 014d0001:7: Parsing request cookies.
Nov 25 10:50:01 DC-LTM01 debug websso.2[17219]: 014d0001:7: Cookie header: SPUsageId=1d55d13d-1d30-4355-b401-1d55ed6318a6
Nov 25 10:50:01 DC-LTM01 debug websso.2[17219]: 014d0001:7: Parsing response cookies.
Nov 25 10:50:01 DC-LTM01 debug websso.2[17219]: 014d0001:7: No set-cookie headers found
Nov 25 10:50:01 DC-LTM01 debug websso.2[17219]: 014d0001:7: ctx: 0x938f7e0, CLIENT: TMEVT_RESPONSE
Nov 25 10:50:01 DC-LTM01 debug websso.2[17219]: 014d0001:7: ctx: 0x938f7e0, CLIENT: TMEVT_RESPONSE_DONE
Nov 25 10:50:01 DC-LTM01 debug websso.2[17219]: 014d0001:7: sso_disable: 0, _needAuth: 1
Nov 25 10:50:01 DC-LTM01 debug websso.2[17219]: 014d0001:7: empty password, pass through response.

kunjan · Answer

Any modifications done to default agent variable assignments in logon page  or sso credential mapping agent?&nbsp;

Forum Discussion

APM - SSO Password Empty

1 Reply

Recent Discussions

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

Password Safety & Security: Passwords vs. Passphrases

APM Customization: Password Change Validation

Ansible module to update BIG-IP root/admin passwords

BIGIQ/DCD and BIGIP Admin password change

APM Password policy