For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

sricharan61's avatar
sricharan61
Icon for Cirrus rankCirrus
Feb 12, 2020

how to have F5 APM send a 401 status code back instead of a 200 for the failed oAuth login attempts

how to have F5 APM send a 401 status code back instead of a 200 for the failed oAuth login attempts with /vdesk/hangup.php3 page as a response. The client needs a 401 for the failed attempts as the c...
application delivery
BIG-IP Access Policy Manager (APM)
Yoann_Le_Corvi1's avatar
Yoann_Le_Corvi1
Icon for Cumulonimbus rankCumulonimbus
Feb 17, 2020

Hi

Yep that is normal. Once the session is established you do not go though it again.

Maybe try to kill the session as well after the RESPOND 

ACCESS::session remove

Like this the authentication will need to be redone at next attempt

Or try to switch to per request policy ?

Let us know how it goes

sricharan61's avatar
sricharan61
Icon for Cirrus rankCirrus
Feb 18, 2020

It works with the ACCESS::session remove, thanks for the help 😊 .

I would want to use the session for this instead of request, as per-request would cost more to authenticate users with azure on every attempt, which is not a requirement presented to us so far.