For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

AlexS_yb's avatar
AlexS_yb
Icon for Cirrocumulus rankCirrocumulus
Apr 06, 2021

using irules to deliver pages

Hi   I have a VS which is acting as my SSO - its the landing spot for multidomain SSO. I have a VS (it has ASM applied first) that then goes to another VS (this has APM applied)   I have a ...
BIG-IP Access Policy Manager (APM)
iRules
security
Nikoolayy1's avatar
Nikoolayy1
Icon for MVP rankMVP
Apr 26, 2021

The description of your issue is confusing and better edit your question with precise description of the issue.

 

 

For the ASM VIP to APM VIP you use Layered VS (https://support.f5.com/csp/article/K54217479) ?

 

 

You can also configure the ASM to protect the APM login page, so no one can can click other pages if they have not passed the login page:

 

https://support.f5.com/csp/article/K13315545

 

 

I think that you can use the Per-Request policy to force again a login.

 

 

 

 

Better review your multy domain config if you think that there are issues as you need to be carefull with profile scope (https://devcentral.f5.com/s/question/0D51T00006j20Ce/v12-apm-profile-scope):

 

https://techdocs.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-sso-13-1-0/27.html

 

 

https://clouddocs.f5.com/training/community/iam/html/archived/class7/module1/lab7.html

 

 

 

 

 

For to clear APM session with iRule use "ACCESS::session remove"

 

 

https://clouddocs.f5.com/api/irules/ACCESS__session.html