For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Lucas_Thompson_'s avatar
Lucas_Thompson_
Historic F5 Account
Aug 26, 2016

Yes, this should be the default behavior with the "Web Access Management" / "LTM+APM" (both mean the same thing) type of deployment.

The Access Policy woudld simply be:

Start -> Logon Page -> AD Auth-(success)--> Allow
                         \----(fallback)--> Deny

I recommend strongly to read the APM Operations Guide to understand the different ways to use APM, it has a lot of options.

https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/f5-apm-operations-guide.html

  • Gurdip_Sira_172's avatar
    Gurdip_Sira_172
    Icon for Nimbostratus rankNimbostratus
    Aug 26, 2016

    Looks like that's the access policy we have in place. I clicked edit endings, and then selected deny, and it looks like for deny, I can enable a redirect to my password reset page and there's a checkbox to keep the session open, so from the reset page and via code, I should be able to get the original url the user requested.

     

    However, deny could be for a number of reasons, such as incorrect password, or is deny just due to an expired password?