Forum Discussion

Cirrus

Oct 25, 2015

On-Demand Cert Auth Fallback

Hi All! i have an APM Policy with Smartcard Authentication. if no smartcard/certificate detected i want to configure fallback action to redirect to some explanation url on some web site. i ...

Kevin_Stewart

Employee

Oct 26, 2015

It's the difference between a fail open connection and fail closed connection. The Require option provides a fail closed connection. If for any reason the client cannot satisfy the certificate request, or the client's certificate cannot be validated or trusted, the connection is closed. The Request option, however, allows the connection to proceed. This option also allows you to apply additional logic after the SSL handshake, as in to perform an HTTP redirect on validation/trust failure.

The "is it secure" question is relative to what you're doing in the fallback branch. The SSL handshake will complete regardless, so you must do something in that fallback branch that prohibits further access.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)