Forum Discussion

kimhenriksen's avatar
kimhenriksen
Icon for Cirrostratus rankCirrostratus
Feb 03, 2021

Getting basic auth prompt before apm logon page event

Hi   I´ve setup a basic login policy. Check if client subnet is RFC1918, if yes do ntlm auth, if not go to logon page and do MFA login.   But.. when i access the VIP external i get a basic a...
application delivery
BIG-IP Access Policy Manager (APM)
LTM
  • kimhenriksen's avatar
    kimhenriksen
    Feb 17, 2021

    A quick update.

    Latest rule is not correct, pasted the wrong one from the clipboard.

     

    Here the latest.

    when HTTP_REQUEST { 

     if { [IP::addr [IP::client_addr] equals "10.0.0.0/8"] or [IP::addr [IP::client_addr] equals "192.168.0.0/16"] or [IP::addr [IP::client_addr] equals "172.16.0.0/12"] } { 

      if { [ACCESS::session data get session.ntlm.last.result] eq 1 } {

        ECA::disable

      } else {

      ECA::enable

      ECA::select select_ntlm:/Common/ntlm_profile

      #log local0. "eca enabled"

     }

     } else {

      ECA::disable

      #log local0. "RFC1918 ECA disable"

     }

    }

     

     

     

Daniel_Wolf's avatar
Daniel_Wolf
Icon for MVP rankMVP
Feb 04, 2021

Did you actually check the APM Access Reports for this? This should, given the right log settings are applied, already give you a clue why you get a basic auth prompt instead of the MFA login.

  • kimhenriksen's avatar
    kimhenriksen
    Icon for Cirrostratus rankCirrostratus
    Feb 04, 2021

    I´ve just checked the default log. But I am applying a new ECA irule, which disables ECA for RFC1918.

    As I havent seen anything in the standard reports. So i guess this happens before APM kicks in.