Exchange iApp credential caching

Question

Hi everyone, &nbsp;
I configured exchange server access using standard f5 iapp template. When user changes  password in active directory, activesync and outlook are still working with old password for about an hour. Web access is working properly with new password and not accepting old password. We want the old password to stop working immediately.&nbsp;
Any suggestions?&nbsp;

youssef1 · Answer

Hello giokupra,&nbsp;
AS and OA access is done trough APM policies? &nbsp;
Regards&nbsp;

giokupra_349354 · Answer

yes, AS and OA access is done through APM&nbsp;

youssef1 · Answer

So I suppose that when you access the services you meet the different criteria of your APM policy:&nbsp;
-&gt; Basic auth for AS&nbsp;
-&gt; NTLM for OA&nbsp;
Then the SSO triggers based on your initial authentication when accessing the APM policy.
If user change his pwd during AS session (example), He will send his old pwd to Exchange AS, it will cause disabling SSO in the APM session. since you are connected to your session, it does not ask you to authenticate until timeout.&nbsp;
You can reduce APM Timeout session or if it is possible to make an irule that allows to delete the current session if the SSO fail. This will reinstate the session and the pwd will be requested again...&nbsp;
Regards&nbsp;

youssef1 · Answer

So I suppose that when you access the services you meet the different criteria of your APM policy:&nbsp;
-&gt; Basic auth for AS&nbsp;
-&gt; NTLM for OA&nbsp;
Then the SSO triggers based on your initial authentication when accessing the APM policy.
If user change his pwd during AS session (example), He will send his old pwd to Exchange AS, it will cause disabling SSO in the APM session. since you are connected to your session, it does not ask you to authenticate until timeout.&nbsp;
You can reduce APM Timeout session or if it is possible to make an irule that allows to delete the current session if the SSO fail. This will reinstate the session and the pwd will be requested again...&nbsp;
Regards&nbsp;

Forum Discussion

Exchange iApp credential caching

4 Replies

Recent Discussions

Errors with AS3 3.56.0 with F5 17.5.1.6

F5 ASM/AWAF – violations logged but no learning suggestions generated

F5 VELOS Backplane Inter-Tenants Communication

migrate from serie I to R. Cluster LTM-GTM

Best Practice guide for enabling Attack signature In BIG-IP ASM

Related Content

Overview of MITRE ATT&CK Tactic : TA0006-Credential Access

OWASP Automated Threats - Credential Stuffing (OAT-008)

Leaked Credential Check with Advanced WAF

Apple’s MIE, Fake Chrome Ext, and C2PA Content Credentials in Google Pixel

Creating a Credential in F5 Distributed Cloud for Azure

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS