CirrusAn odd request
Received a request from a customer that I just cannot see how the F5 could ever accomplish this task.
Problem:
There are kiosk placed in various locations which allow users to access sites to check their information. Issue is that User-A logs into a website using their certificate then User-A removes their cert card and leaves the browser up. Then User-B goes up to the kiosk inserts their cert card, but since User-A already logged in and did not logout User-B is able to get to access sites under User-A.
The customer is wanting the F5 to magically know that the cert card has been removed and to end the ssl session. I am telling them that until F5 gets some type of traffic back the ssl session will remain valid until the times outs are reached.
I could tell the F5 in the client ssl profile to change the frequency under client authentication to always, but is still not going to solve the problem. Strict Resume will not work since it is based on unclean shutdown. Lowering the Cache Timeout will not solve the problem. Setting the Alert Timeout still will not work. Setting the Renegotiate Period might help, but how many seconds, even then if someone comes immediately behind the last User then it ends.
I think what is required that an application is written and running as service. When the application receive notification that the cert card has been removed from the card reader that it automatically shuts down the browser.
Any ideas?
