For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Posterus_85681's avatar
Posterus_85681
Icon for Nimbostratus rankNimbostratus
Sep 29, 2015

clientless-mode, session-cookie and policy re-evaluation

Hi Everyone,   I am trying to use the inbuilt OTP functions within APM, so that they can be consumed by other systems that want to use OTP.   I have managed to use clientless-mode and have a sy...
BIG-IP Access Policy Manager (APM)
security
Stanislas_Piro2's avatar
Stanislas_Piro2
Icon for Cumulonimbus rankCumulonimbus
Sep 29, 2015

Hi,

 

clientless mode is a dedicated mode to authenticate user in one request.

 

the session status must be Allow or deny at the end of the session.

 

OTP password must be entered within the session.

 

I'm not sure you can use OTP with clientless mode. you can try SWG-explicit profile type instead of clientless mode (SWG-explicit profile enter in a kind of clientless mode, but supporting ip source based session)