Forum Discussion
NimbostratusApm Sessions With multiple landing URI's
Hi,
I have apm configured on one of our virtual servers. When user accessing certain URI's he is presented with an apm logon page, depending on the URI. I used the action "Landing URI" and for each uri I configured various options and access checks. Everything is working great but the problem is when a user that is already authenticated and passed all the required checks to access a certain application can now access the rest of the applications as well as he already have a valid apm session although the rest of the applications requires a different set a checks. How can I prevent it?
Thanks, Alex
3 Replies
- Kevin_Stewart
Employee
The short answer is that it doesn't work that way. Once an access policy has reach an ending branch, it will not start over or re-evaluate any of the policy. You would either need to invalidate the existing session and have the user start over from scratch, or if you need to maintain information from the previous session, then an iRule technique I call "privilege escalation":
https://devcentral.f5.com/questions/apm-different-authentication-level-for-different-uri
Nimo_3485Hi Kevin,
Thanks for the reference, ill try it out...
Mahmoud_Eldeeb_Cirrostratus
yes, I agree with Kevin
