Forum Discussion
Stefan_Klotz
Jun 28, 2011 | Cumulonimbus
SharePoint with APM and expired AD-passwords
In one of our projects we want to place SharePoint servers behind a BIG-IP including the APM.
The APM should be used to verify a client certificate and should pass the credentials of the SSO towa...
During further investigation, including several F5 documents, I found the following:
Active Directory password management
Access Policy Manager supports password management for Active Directory authentication. This works in the following order:
- Access Policy Manager uses the client's user name and password to authenticate against the Active Directory server on behalf of the client.
- If the client's user password on the Active Directory server has expired, Access Policy Manager returns a new logon page back to the client, requesting that the client change its password.
- After the client submits the new password, Access Policy Manager attempts to change the password on the Active Directory server.
If this is successful, the client's authentication is validated.
If the password change fails, it is likely that the Active Directory server rejected it because the password did not meet the minimum requirements such as password length.
Note: By default, users are given only one attempt to reset their password. However, an administrator can configure the max logon attempt allowed of the authentication agent to a value larger than 1, which gives users multiple opportunities to reset their passwords.
I'll play with this a little bit in the next few days (as our APM license is not yet available) and let you know the results.
Ciao Stefan :)