Forum Discussion

elpatronuno_269
Oct 22, 2010

Forcing re-authentication of site with same browser instance & site

I have a challenge. For v9.4, using iRules to authenticate to a site with a certificate. Would like to force re-authentication with cert after logging out of site in the same browser instance (not closing & re-opening a new browser).

One known way of doing this is to clear the client browser SSL cache. This only works for IE and not Firefox.

Is there a way to do this using iRules? I tried several commands in the http_request & http_response events.

Any suggestions would be most appreciated.

Thanks...

Brian

  • Hi Brian,

    I think you could use 'SSL::session invalidate' to remove the client's SSL session ID from LTM's cache, followed by SSL::renegotiate to request the client to re-authenticate with a client cert.

    http://devcentral.f5.com/wiki/default.aspx/iRules/ssl__session

    http://devcentral.f5.com/wiki/default.aspx/iRules/ssl__renegotiate

    Aaron

  • Hi Brian,

    I'm not sure why. I'd suggest adding debug logging to the iRule, capturing a tcpdump for IE and FF, and using ssldump to compare the two traces.

    Here are some related AskF5 solutions:

    SOL411 - Overview of packet tracing with the tcpdump utility

    http://support.f5.com/kb/en-us/solutions/public/0000/400/sol411.html

    SOL10209: Overview of packet tracing with the ssldump utility

    http://support.f5.com/kb/en-us/solutions/public/10000/200/sol10209.html

    Aaron
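
The approach from the first reply ('SSL::session invalidate' followed by SSL::renegotiate), written out as an iRule with the debug logging the second reply recommends. This is an added example, not code posted by anyone in the thread; the /logout path, the variable name and the log messages are assumptions, and the rule assumes a client SSL profile on the virtual server.

```tcl
# Added example. Assumptions: the application's logout URL is /logout
# (hypothetical) and the virtual server has a client SSL profile.
when HTTP_REQUEST {
    if { [string tolower [HTTP::path]] equals "/logout" } {
        log local0. "[IP::client_addr]:[TCP::client_port] logout: invalidating SSL session and renegotiating"

        # Remove this client's SSL session ID from LTM's cache so the
        # session cannot be resumed with an abbreviated handshake.
        SSL::session invalidate

        # Hold the logout request until the new handshake has finished.
        HTTP::collect
        set reneg_pending 1

        # Require a client certificate on the renegotiated handshake.
        SSL::cert mode require
        SSL::renegotiate
    }
}

when CLIENTSSL_CLIENTCERT {
    # Debug logging: which certificate, if any, did the client present?
    if { [SSL::cert count] > 0 } {
        log local0. "[IP::client_addr]:[TCP::client_port] client cert subject: [X509::subject [SSL::cert 0]]"
    } else {
        log local0. "[IP::client_addr]:[TCP::client_port] no client cert presented"
    }
}

when CLIENTSSL_HANDSHAKE {
    log local0. "[IP::client_addr]:[TCP::client_port] handshake complete, verify result [SSL::verify_result]"

    # Release the held request only if this handshake was the
    # renegotiation triggered by the logout branch above.
    if { [info exists reneg_pending] } {
        unset reneg_pending
        HTTP::release
    }
}
```

Whether the user is prompted to pick a certificate again, or the browser silently re-sends the one it already selected, is decided by the browser and not by the iRule; the log lines above give a per-connection record to set beside the tcpdump and ssldump traces for IE and FF.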