Forum Discussion
Gilles,
I do believe I have seen this as a bug. To mitigate this, you can set the number of authentication attempts under AD Auth to 1, and it will terminate the session after each unsuccessful attempt, so the user would have to click on a new link to start a new session. As a plus, you can customize the message upon auth failure to give the user feedback on what to look out for. For example, you can check the value of the AD error message using this syntax: expr { [mcget {session.ad.last.errmsg}] contains "Invalid user credentials"} and customize feedback to the user accordingly on the Deny page based upon the value set in that variable.
Hi Michael,
Thank you for your reply. We upgraded our F5 platform a few days ago and are now on the latest release, 12.1.1 HF2.
Before, we were on 11.6.0 HF6 and I'm not 100% sure, but I think we did not have this kind of problem before.
Is there no other possibility, for example resetting the variable to none after the logon fails?
Do you know where the loop is done to the logon page again if logon fails? I suppose that the policy is not executed from the beginning, but that the loop is integrated in the AD authentication object in VPE? Is this correct?
Kind regards,
Gilles