Forum Discussion
hui_37443
Nimbostratus
Feb 24, 2010
auth_result fired twice?
We have implemented an iRule to do an OCSP check, based on the prize winner http://devcentral.f5.com/Default.aspx?tabid=108. When it encounters an error, it doesn't resume the suspended SSL::handshake. ...
Craig_Reeve
Nimbostratus
Mar 24, 2010
Sorry for hijacking your issue, Hui, but mine sounds very similar to yours and my investigation may assist us both in getting a resolution :-)
I am running v 10.0.1 Build 354.0.
In my CLIENTSSL_CLIENTCERT event I perform an LDAP Authenticate based on information provided in the Client Certificate. This causes an AUTH_RESULT event to fire and I perform my checks and set variables etc. This all works great for a number of clients, however, a few (3 to be correct) cause a rogue AUTH_RESULT event to fire at exactly the same time as our TCP Idle Timeout setting is reached. This causes nothing but pain as there is in reality no result to check, thus I flag everything as invalid and hence any other data being sent using the SSL Session Id is then dropped.
Apart from doing an AUTH::authenticate, what else would cause the AUTH_RESULT to fire? Why don't the majority of clients get this extra AUTH_RESULT after their TCP Session Idle Timeout is reached?
An interesting side note is that we can get one of the clients to work if we change their environment. They are connecting to the internet via a LinkSys router plugged into an ADSL modem. If the LinkSys is taken out of the equation, and the client device is plugged directly into the ADSL modem, everything works as it should. How this small change can affect the events that are fired on the F5 is beyond me and may be coincidental. TCPdumps show no rogue data or flags coming from the device to the F5, but if it did I would expect a CLIENTSSL_DATA event to fire, which it doesn't.
We are about to go to v 10.1 in the next week or so and this may resolve this issue as one of the fixes may make the TCP session shutdown cleanly rather than waiting for the F5 Idle Timeout to force a reset. Will post an update to advise the outcome of the update.
Thanks,
Craig