For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

_Mo__2's avatar
_Mo__2
Icon for Nimbostratus rankNimbostratus
Sep 11, 2018

Get the wrong account on the application after two logon attempts

Hi Guys,   After a wrong log in with a bad password again the box AD Auth, I do a right log in with an other username and I get the account of the previous people on the backend.   Indeed, the ...
BIG-IP Access Policy Manager (APM)
security
Stanislas_Piro2's avatar
Stanislas_Piro2
Icon for Cumulonimbus rankCumulonimbus
Sep 11, 2018

Hi,

the problem is when your policy is like that:

start --> logon page --> variable assign --> AD auth
  • First authentication logon page is managed in Logon page box
  • all other authentication attempts are managed within AD auth box... there is not backward in decision tree.

So every decision between logon page and AD auth are evaluated only once during first authentication.

To solve the issue,

  • create a macro with "loop count" define to 3
  • configure the same policy within this macro. except that you define the AD auth max attempts to 3.
  • connect AD auth failure to loop ending.

the macro will force to evaluate again every box during next authentication attempts.