Forum Discussion

felixk's avatar
felixk
Icon for Nimbostratus rankNimbostratus
Mar 20, 2025

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

We currently have a Radius authentication in our access policy on F5 APM. Sometimes the user may mis-input the token received from SMS and we would like the Radius authentication page to ask the user to input again instead of redirecting back to logon page on first mis-input, in other words to have a second attempt for token input with the same token from SMS. Can we achieve this function in F5 APM?

Thanks a lot.

7 Replies

  • You could put the RADIUS authentication process within a dedicated macro and define the desired loop count within this macro. 

    Then, connect the failure branch of the RADIUS authentication to a loop ending.

    • felixk's avatar
      felixk
      Icon for Nimbostratus rankNimbostratus

      Thanks for your reply. Our RADIUS authentication is currently inside a macro and we have tried to set loop count and connect failure branch to loop ending but it seems when RADIUS authentication fails, it will automatically fallback to the previous logon page instead of going through the failure branch. 

  • How many Max logon attempts have you configured?

    Try to set it to 1 in order to follow fallback branch after each failure and then handle retries with loop.

    • felixk's avatar
      felixk
      Icon for Nimbostratus rankNimbostratus

      We have tried 1 and 5 times, but the problem is the RADIUS authentication does not enter the fallback/failure branch when authentication is unsuccessful, instead it returns back to the previous logon page. Any idea how to resolve this issue? Thanks!

      • Injeyan_Kostas's avatar
        Injeyan_Kostas
        Icon for Cirrostratus rankCirrostratus

        that's interesting
        I tried to reproduce it on a lab env and I had radius failure always following fallback branch
        Do you might have a login page in the same macro?