For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Dennis_Kloosterman's avatar
Dennis_Kloosterman
Icon for Altostratus rankAltostratus
Mar 23, 2021

How to terminate a second APM session using the same MFA account with OTP

Hi, We have an access policy in place where users log in in two steps, first with a radius username and an OTP generated by a hardware token, and second with their AD account. Our security team wa...
BIG-IP Access Policy Manager (APM)
iRules
security
Niels_van_Sluis's avatar
Niels_van_Sluis
Icon for MVP rankMVP
Mar 23, 2021

Have you considered to use the iRule table function? See: table (f5.com). Build a table that links username to ssid. If the table entry already exists, you can get the ssid and terminate that session. You can also extend the tables so you have a relation between ssid, otp_username and ad_username.

  • Dennis_Kloosterman's avatar
    Dennis_Kloosterman
    Icon for Altostratus rankAltostratus
    Mar 23, 2021

    That looks like just what I have been looking for, thanks! I'll see if I can get it to work this way later this week.