Lab 4: ADFS Proxy using Pre-Authentication

Task 1 - Setup Lab Environment

To access your dedicated student lab environment, you will require a web browser and Remote Desktop Protocol (RDP) client software. The web browser will be used to access the Lab Training Portal. The RDP client will be used to connect to the Jump Host, where you will be able to access the BIG-IP management interfaces (HTTPS, SSH).

  1. Click DEPLOYMENT located on the top left corner to display the environment

  2. Click ACCESS next to jumphost.f5lab.local

  3. Select your RDP resolution.

  4. The RDP client on your local host establishes an RDP connection to the Jumphost.

  5. Login with the following credentials:

    • User: f5lab\user1
    • Password: user1
  6. After successful logon the Chrome browser will auto launch opening the site https://portal.f5lab.local. This process usually takes 30 seconds after logon.

  7. Click the Classes tab at the top of the page.

  8. Scroll down the page until you see 203 Microsoft Integrations on the left

  9. Hover over the tile ADFS Proxy using Pre-Authentication. A start and stop icon should appear within the tile. Click the Play Button to start the automation to build the environment.

  10. The screen should refresh displaying the progress of the automation within 30 seconds. Scroll to the bottom of the automation workflow to ensure all requests succeeded. If you experience errors try running the automation a second time or open an issue on the Access Labs Repo.

Task 2 - Access the Microsoft ADFS guided configuration

  1. From the jumphost browser navigate to https://bigip1.f5lab.local

  2. Login with the following credentials:

    • username admin
    • password admin
  3. Click on the Access tab located on the left side.

  4. Click Guided Configuration

  5. Click Microsoft Integration

  6. Click ADFS Proxy

  7. Click Next

Task 3 - ADFS Proxy Settings

  1. Enter the Configuration Name ADFS_PROXY

  2. Enter the ADFS FQDN adfs.acme.com

  3. Select the Authentication Method Access Policy Authentication

  4. Select Access Policy Authentication Type Only Endpoint Checks

  5. Click Save & Next

Task 4 - Virtual Server Properties

  1. Enter the Destination Address 10.1.10.101

  2. Select the Client SSL Certificate acme.com-wildcard

  3. Select the Associated Private Key acme.com-wildcard

  4. Click Save & Next

Task 5 - ADFS Server Pool Properties

  1. Enter the IP address 10.1.20.13

  2. Click Save & Next

Task 6 - Authentication Properties

  1. From the Choose Authentication Server dropdown select Create New

  2. Enter the Domain Name f5lab.local

  3. Select Use Pool

  4. Select Domain Controller Pool Name AD_POOL

  5. For Domain Controllers enter the IP address 10.1.20.7 and Hostname dc1.f5lab.local

  6. Enter Admin Name admin

  7. Enter Admin Password admin

  8. Enter Verify Admin Password admin

  9. Click Save & Next

Task 7 - MFA Properties

  1. Click Save & Next

Task 8 - Endpoint Check Properties

  1. Click Save & Next

Task 9 - Customization Properties

  1. Click Save & Next

Task 10 - Logon Protection Properties

  1. Click Save & Next

Task 11 - Session Management Properties

  1. Click Save & Next

Task 12 - Summary

  1. Click Deploy

  2. Click Establish Trust

  3. Enter the Username admin

  4. Enter the Password admin

  5. Click Establish Trust

  6. A certificate appears under the Establish Trust section signifying the trust was successfully established.

  7. Click Finish

  8. The configuration has been successfully deployed

Task 13 - Test APM Authentication

  1. On the jumphost open a web browser and navigate to https://sp.acme.com. You will be redirected to https://adfs.acme.com

  2. Enter the username user1

  3. Enter the password user1

  4. Click Logon

  5. After successful login at ADFS you are redirected to http://sp.acme.com

Task 14 - Lab Cleanup

  1. From the jumphost browser navigate to https://bigip1.f5lab.local

  2. Login with the following credentials:

    • username admin
    • password admin
  3. Navigate to Access -> Guided Configuration in the left-hand menu.

  4. Click the Undeploy button

  5. Click OK when asked, “Are you sure you want to undeploy this configuration?”

  6. Click the Delete button once the deployment is undeployed

  7. Click OK when asked, “Are you sure you want to delete this configuration?”

  8. The Configuration section should now be empty

  9. From a browser on the jumphost navigate to https://portal.f5lab.local

  10. Click the Classes tab at the top of the page.

  11. Scroll down the page until you see 203 - Microsoft Integration on the left

  12. Hover over the tile ADFS Proxy using Pre-Authentication. A start and stop icon should appear within the tile. Click the Stop Button to start the automation to delete any prebuilt objects

  13. The screen should refresh displaying the progress of the automation within 30 seconds. Scroll to the bottom of the automation workflow to ensure all requests succeeded. If you experience errors try running the automation a second time or open an issue on the Access Labs Repo.

  14. This concludes Lab 4.
