Forum Discussion

Stanislas_Piron
Sep 15, 2016

APM replacing ADFS proxy 3.0 : different behavior based on user agent value

Hi,

I am deploying F5 APM as ADFS proxy using deployment guide v1.4.

I configured AD auth and NTLM SSO.

When authenticating with Firefox, SSO does not work and the ADFS server requests form-based authentication (it is my default test browser and I did not try with IE). I searched on DevCentral for anything else to configure to support ADFS 3.0.

I found this article about configuring form based authentication on ADFS server.

To support ADFS proxy for any browser, I customized the iRule provided in the deployment guide like this:

when HTTP_REQUEST {
    set keepua 0
    # For external Lync client access all external requests to the
    # /trust/mex URL must be routed to /trust/proxymex. Analyze and modify the URI
    # where appropriate
    HTTP::uri [string map {/trust/mex /trust/proxymex} [HTTP::uri]]
    # Analyze the HTTP request and disable access policy enforcement for WS-Trust calls
    if {[HTTP::uri] contains "/adfs/services/trust"} {
        ACCESS::disable
        set keepua 1
    }
    # OPTIONAL ---- To allow publishing of the federation service metadata
    if {[HTTP::uri] ends_with "FederationMetadata/2007-06/FederationMetadata.xml"} {
        ACCESS::disable
        set keepua 1
    }
    # Every request still handled by the access policy gets a User-Agent the ADFS
    # server accepts for NTLM auth instead of falling back to forms-based auth
    if { !($keepua) } {
        HTTP::header replace "User-Agent" "Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko msie7"
    }
}

It replaces the client's User-Agent with one supported by the ADFS server for NTLM auth.

Am I the first who gets this error? Is there a better solution to solve this issue?

Regards,

Stanislas
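An offline model of the posted iRule's decision logic, added here as an example and not part of the original post or of F5's code, so the bypass and User-Agent rewrite can be checked against sample requests before the iRule goes on a BIG-IP. The sample requests and the `process_request`/`summarize` names are constructed; it assumes `contains` and `ends_with` are evaluated against the full HTTP::uri (path plus query string), as on a BIG-IP.

```python
"""Offline model of the iRule in this thread (constructed example, not F5 code).
It reproduces the iRule's three steps in order: map /trust/mex to /trust/proxymex,
disable the access policy for WS-Trust and federation-metadata URIs, and rewrite
the User-Agent on every request the policy still handles."""
from dataclasses import dataclass

# Same value the posted iRule injects so ADFS offers NTLM instead of forms auth.
FORCED_UA = "Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko msie7"
METADATA_SUFFIX = "FederationMetadata/2007-06/FederationMetadata.xml"


@dataclass(frozen=True)
class Decision:
    uri: str              # URI after the mex -> proxymex mapping
    access_enabled: bool  # False where the iRule would call ACCESS::disable
    user_agent: str       # header value the backend ADFS server will see


def process_request(uri: str, user_agent: str) -> Decision:
    keepua = False
    # string map {/trust/mex /trust/proxymex}: plain substring replacement
    uri = uri.replace("/trust/mex", "/trust/proxymex")
    # iRule `contains` is tested against HTTP::uri, i.e. path plus query string
    if "/adfs/services/trust" in uri:
        keepua = True
    if uri.endswith(METADATA_SUFFIX):
        keepua = True
    # Only requests that stay under the access policy get the forced User-Agent;
    # note ADFS logs then show FORCED_UA for them rather than the real client.
    final_ua = user_agent if keepua else FORCED_UA
    return Decision(uri, access_enabled=not keepua, user_agent=final_ua)


# Constructed sample requests: (uri, client User-Agent)
SAMPLE_REQUESTS = [
    ("/adfs/ls/?wa=wsignin1.0&wtrealm=urn:example", "Mozilla/5.0 (X11; Linux x86_64; rv:48.0) Gecko/20100101 Firefox/48.0"),
    ("/adfs/services/trust/mex", "Lync/16.0"),
    ("/adfs/services/trust/13/usernamemixed", "Lync/16.0"),
    ("/FederationMetadata/2007-06/FederationMetadata.xml", "curl/7.50"),
]


def summarize(requests=SAMPLE_REQUESTS):
    """One line per request: original uri, rewritten uri, policy state, UA sent to ADFS."""
    rows = []
    for uri, ua in requests:
        d = process_request(uri, ua)
        state = "on" if d.access_enabled else "off"
        rows.append(f"{uri} -> {d.uri} | policy={state} | UA={d.user_agent}")
    return rows


if __name__ == "__main__":
    print("\n".join(summarize()))
```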

2 Replies

  • So, silly question first - why do you want to keep forms-based authentication enabled on ADFS - period? Are you planning on allowing direct access to ADFS for internal users that will need to use forms-based auth instead of WIA?

    Also, assuming you do need to keep both FBA and WIA enabled, have you verified that you have successfully performed the steps outlined in that article you reference?

  • Hi,

    I am configuring APM to secure the ADFS proxy from the Internet for my customer. My goal is to secure access without changing internal users' behavior.

    I am not aware why Microsoft enabled FBA for non-Microsoft browsers since ADFS 3.0, so I must configure the same APM behavior for every Internet browser.

    I will discuss with the customer the need to keep both authentication methods on the ADFS servers. But I asked this question to know if this is a known issue, because I did not find any information about it.

    Another reason for this thread is to provide information about this for the next engineer who will spend some time on it.

    Regards,

    Stanislas