Forum Discussion

Altocumulus

Mar 06, 2015

Lazy Auth Sessions

I'm trying to use the SAML_AUTH modules in Access Policy to protect a webserver using shibboleth. That in and of itself is easy. I have an iRule that sends down headers to the server based on the a...

application delivery

BIG-IP Access Policy Manager (APM)

Cirrostratus

Mar 06, 2015

As you mentioned, you could use an iRule that would kill the session (ACCESS::remove) and force a new one.

The other option would be to use an iRule prior to the session starting (APM Event Order) and use the ACCESS:disable command to disable the APM from processing that request. (Note: If you have an existing session and use that command, you may get some odd behavior. Be sure to also remove the APM cookies like

MRHSession

and

LastMRH_Session

from the request so APM doesn't try to do anything with it.)

This is how I've gotten things like this to work in the past.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Lazy Auth Sessions

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Does F5 rSeries 4600 support 3rd Party SFP

no upload file .docx

F5 LACP

F5 BGP Peering in Active /Standby Cluster

AS3 Storage

Related Content

MCP Session Affinity With F5 NGINX Plus

Bolt-on Auth with NGINX Plus and F5 Distributed Cloud

TLS Stateful vs Stateless Session Resumption

Python SDK Cookbook: Working with Auth Tokens

Insert Basic Auth Header

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS