Oct 22, 2010

Forcing re-authentication of site with same browser instance & site

I have a challenge. For v9.4, using iRules to authenticate to a site with a certificate. Would like to force re-authentication with cert after logging out of site in the same browser instance (not closing & re-opening new browser).

One known way of doing this is to clear the client browser SSL cache. This only works for IE and not Firefox.

Is there a way to do this using iRules? I tried several commands in the http_request & http_response events.

Any suggestions would be most appreciated.

  • Hi Brian,

    I think you could use 'SSL::session invalidate' to remove the client's SSL session ID from LTM's cache, followed by SSL::renegotiate to request the client to re-authenticate with a client cert.

  • Hi Brian,

    I'm not sure why. I'd suggest adding debug logging to the iRule, capturing a tcpdump for IE and FF, and using ssldump to compare the two traces.

    Here are some related AskF5 solutions:

    SOL411 - Overview of packet tracing with the tcpdump utility

    SOL10209: Overview of packet tracing with the ssldump utility
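
The two replies above combined into one iRule, as an added example that is not code from any poster in this thread: it invalidates the session and renegotiates on logout, and logs each handshake for comparison with the packet traces. It assumes a client SSL profile on the virtual server; the `/logout` path and the `reneg_pending` variable are hypothetical names.

```tcl
# Added example, not from the thread. Assumes a client SSL profile on the
# virtual server; "/logout" is a hypothetical path for the application's logout.
when CLIENT_ACCEPTED {
    # 1 while a request is held waiting for the renegotiation to finish
    set reneg_pending 0
}

when HTTP_REQUEST {
    if { [string tolower [HTTP::path]] equals "/logout" } {
        log local0. "logout: client [IP::client_addr]:[TCP::client_port] session [SSL::sessionid]"
        # Remove this session from LTM's cache so it cannot be resumed
        SSL::session invalidate
        # Ask for a client certificate on the next handshake
        SSL::cert mode require
        # Hold the request, then start a new handshake on this connection
        HTTP::collect
        set reneg_pending 1
        SSL::renegotiate
    }
}

when CLIENTSSL_HANDSHAKE {
    # Fires after the initial handshake and after each renegotiation
    log local0. "handshake: client [IP::client_addr]:[TCP::client_port] session [SSL::sessionid] certs [SSL::cert count]"
    if { $reneg_pending } {
        # Renegotiation finished: let the held logout request continue
        set reneg_pending 0
        HTTP::release
    }
}
```

The log lines give per-connection session IDs and certificate counts to line up against the ssldump traces for IE and Firefox. Renegotiation only makes LTM request a certificate again; whether the user is prompted or the browser re-sends its cached choice is decided by the browser.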