F5 apm adfs/o365 with mobile apps

For some of the mobile apps, such as Onedrive and outlook, adfs forces the use of form based authentication, which with the iapp, does not get any sso treatment.

Has anyone managed to work around this? And if so how?

I attempted the following:

when ACCESS_ACL_ALLOWED { if { ([string tolower [URI::query [HTTP::uri] wauth]] contains "microsoft") } { log local0. "wauth: [HTTP::header Content-Length] [HTTP::method] [HTTP::uri]" WEBSSO::select [set foo /Common/adfs_form_based_sso] } }

And it does appear that it is working, except the authentication fails. I have tested down to copying the post request to the backend server replacing f5-sso-token with the real password, and it works.