Last Modified: Dec 16, 2025
Affected Product(s):
BIG-IP APM
Known Affected Versions:
17.5.1, 17.5.1.2, 17.5.1.3
Fixed In:
21.0.0
Opened: Aug 20, 2025 Severity: 3-Major
Unable to forward NTLM SSO back-end cookies to front-end. NTLM has three HTTP round-trips and can set different sets of cookies in each trip. After successful NTLM SSO, APM does not forward some cookies from the back-end to the front-end.
Cookies are not sent to the client side, and SSO negotiation fails.
-- NTLM SSO is configured. -- The server side sends one or more 401 responses to the BIG-IP system during the transaction, followed by a 200 response.
None
Send relevant cookies in response.