Forum Discussion
Alexander_01_13
Jan 10, 2014Nimbostratus
Security issue using two different authentication methods with the same ntlm domain (SSO)
Hello fellows,
I have run across a security issue with two web servers using the same ntlm domain for authentication (APM) on our F5 BIGIP Version 11.4.1.
ServerA contains critical informat...
Alexander_01_13
Nimbostratus
Yes, two different policies.
Would branching out based upon host header solve the sso problem? Still, a session cookie obtained logging on to ServerB would sso to ServerA, wouldn't it?
After a look at the session variables I found the following useful: In a two-factor authenticated session the variable
session.securid.last.state
has the value SECURID_AUTH_STATE_ACCESS_ACCEPTED
. So, in an iRule I have to check that this variable is set and if not I will redirect to the login form.
Good idea?
Regards, Alex
Michael_Koyfma1
Jan 12, 2014Cirrus
Yes, that's certainly a good and easy approach - check for the existence and value of that variable..
However, if you have two different policies why would this matter? Each policy would execute separately, unless you are setting a domain cookie -is that what you're doing?
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects