APM AD Auth Password Change

Hello experts. AD Auth allows you to set the "Max Logon Attempts Allowed" and "Max Password Reset Attempts Allowed" (both default to 3). When you add the checkbox to the logon page and proceed to change the password (fail the complexity check 3 times), you are returned to the logon page. If you attempt to login again (but do not check the change_password box), you are still prompted to change the password.

 

The failure of the password reset attempts (3 times), only counts as 1 logon attempt. You would have to go through the process 9 times in order to reach the "Deny" which would end the session and allow you to start again.

 

Since you never leave the AD Auth step, you cannot take any action using an iRule (to end the session for instance). I think the user experience is not optimal. The only thing I could come up with is to set Max logins to 1 and Max Pass to 3 as I see this as a better option than not checking the change_password box and getting prompted to change the password.

 

Anyone know any better work arounds? Thanks in advance.