For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Martin_Robbins's avatar
Martin_Robbins
Icon for Nimbostratus rankNimbostratus
Mar 28, 2014

Hi,

 

Thanks for trying, the other situation it happens in is when a user changes their AD password on another device whilst the session is still active but obviously you want it to deny access on that.

 

Not sure if it is a fix but I added this iRule to the last irule on the VS and it seems to have helped but it isn't test by any stretch of the imagination .. 8-)

 

if { [ACCESS::session data get "session.sso.token.last.username.sso.state"] equals "1" }{
      log local0. "Session \"[ACCESS::session sid]\", WebSSO is LOST."
      
      ACCESS::session data set "session.sso.token.last.username.sso.state" 0
      
      clientside { HTTP::respond 403 content "The page cannot be displayedError Code: 403 Forbidden. The server denied the specified Uniform Resource Locator (URL). Contact the server administrator." noserver Pragma "no-cache" Cache-Control "no-cache, must-revalidate" Content-Type "text/html" }
      
}

Cheers for any comments/help.