Forum Discussion
elpatronuno_269
Nimbostratus
Oct 22, 2010
Forcing re-authentication of site with same browser instance & site
I have a challenge. For v9.4, using iRules to authenticate to a site with a certificate. Would like to force re-authentication with cert after logging out of site in the same browser instance (not closing & re-opening new browser).
One known way of doing this is to clear the client browser SSL cache. This only works for IE and not Firefox.
Is there a way to do this using iRules? I tried several commands in the http_request & http_response events.
Any suggestions would be most appreciated.
Thanks...
Brian
2 Replies
- hoolio
Cirrostratus
Hi Brian,
I think you could use 'SSL::session invalidate' to remove the client's SSL session ID from LTM's cache, followed by SSL::renegotiate to request the client to re-authenticate with a client cert.
http://devcentral.f5.com/wiki/default.aspx/iRules/ssl__session
http://devcentral.f5.com/wiki/default.aspx/iRules/ssl__renegotiate
Aaron
- hoolio
Cirrostratus
Hi Brian,
I'm not sure why. I'd suggest adding debug logging to the iRule, capturing a tcpdump for IE and FF and using ssldump to compare the two traces.
Here are some related AskF5 solutions:
SOL411 - Overview of packet tracing with the tcpdump utility
http://support.f5.com/kb/en-us/solutions/public/0000/400/sol411.html
SOL10209: Overview of packet tracing with the ssldump utility
http://support.f5.com/kb/en-us/solutions/public/10000/200/sol10209.html
Aaron
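The first reply's suggestion, combined with the debug logging recommended in the second, as an added example (not code posted by anyone in this thread). It assumes the application's logout URI is `/logout` (a placeholder) and that the virtual server has a client SSL profile attached.

```tcl
when HTTP_REQUEST {
    # "/logout" is a placeholder for the application's real logout URI (assumption).
    if { [string tolower [HTTP::path]] equals "/logout" } {
        log local0. "logout from [IP::client_addr]: cert count before reset = [SSL::cert count]"

        # Remove this client's SSL session ID from LTM's cache so the
        # session cannot be resumed without a full handshake.
        SSL::session invalidate

        # Hold the HTTP request until the new handshake has finished.
        HTTP::collect

        # Ask for a client certificate on every handshake, and require one.
        SSL::authenticate always
        SSL::cert mode require

        # Start a new handshake on the existing connection.
        SSL::renegotiate
    }
}

when CLIENTSSL_CLIENTCERT {
    # Debug logging: record what the client presented after renegotiation.
    if { [SSL::cert count] > 0 } {
        set result [X509::verify_cert_error_string [SSL::verify_result]]
        log local0. "client [IP::client_addr] sent cert: [X509::subject [SSL::cert 0]] (verify: $result)"
    } else {
        log local0. "client [IP::client_addr] sent no certificate"
    }

    # Let the held request continue to the pool.
    HTTP::release
}
```

Invalidating the session only forces a full handshake on the LTM side; whether the browser prompts the user for a certificate again or silently re-sends the one it has cached is decided by the browser. The log lines give a per-client record to line up against the tcpdump/ssldump traces when comparing IE and Firefox.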
