Forum Discussion

Nimbostratus

Jan 10, 2014

Security issue using two different authentication methods with the same ntlm domain (SSO)

Hello fellows, I have run across a security issue with two web servers using the same ntlm domain for authentication (APM) on our F5 BIGIP Version 11.4.1. ServerA contains critical informat...

BIG-IP Access Policy Manager (APM)

Nimbostratus

Apr 11, 2014

Finally I got the leisure to put together an irule to check for a successful rsa authentication on the critical server and to kill the session in case there is none.

when HTTP_REQUEST {
    set rsastate [ACCESS::session data get "session.securid.last.state"]
    if { $rsastate != "SECURID_AUTH_STATE_ACCESS_ACCEPTED" } {
            ACCESS::session remove
    }   
}

Question: Would it be more efficient to use another event than HTTP_REQUEST?

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Security issue using two different authentication methods with the same ntlm domain (SSO)

Recent Discussions

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

Switch ssl profile based on weak cipher detection via IRULE

full-proxy HTTP2

Decode ObjectSID from Base64-encode string

Related Content

F5 Security Podcasts

API security

Certifications for security professionals

DevCentral to Require Multi-Factor Authentication for Account Login from September 26

Ensuring Security in Continuous Integration and Continuous Deployment (CI/CD) Pipelines

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS