For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Alexander_01_13's avatar
Alexander_01_13
Icon for Nimbostratus rankNimbostratus
Jan 10, 2014

Security issue using two different authentication methods with the same ntlm domain (SSO)

Hello fellows,   I have run across a security issue with two web servers using the same ntlm domain for authentication (APM) on our F5 BIGIP Version 11.4.1.   ServerA contains critical informat...
BIG-IP Access Policy Manager (APM)
deployment
microsoft
security
Alexander_01_13's avatar
Alexander_01_13
Icon for Nimbostratus rankNimbostratus
Apr 11, 2014

Finally I got the leisure to put together an irule to check for a successful rsa authentication on the critical server and to kill the session in case there is none.

when HTTP_REQUEST {
    set rsastate [ACCESS::session data get "session.securid.last.state"]
    if { $rsastate != "SECURID_AUTH_STATE_ACCESS_ACCEPTED" } {
            ACCESS::session remove
    }   
}

Question: Would it be more efficient to use another event than HTTP_REQUEST?