Forum Discussion
sergio_baza_alo
Altocumulus
AltocumulusWhy the page /my.policy redirects users to /vdesk/hangup.php3 ?
Hello all,
I have a problem with the APM, I have an application published and sometimes the users are unable to see the login page, instead of that they get the logout page.
This is very s...
Stanislas_Piro2
Cumulonimbus
CumulonimbusHi,
it is not recommended to insert any box between Logon page and Auth boxes.
I know it was required before Radius to change session.logon.last.password. I say was because in version 13.1 (I'm not sure which version add this feature) you can configure the password source.
Why isn't it recommended to insert a box between logon page and Auth? because these boxes are evaluated only once. if the first user authentication attempt fails, all following attempts will be evaluated within the AD auth box, there is no rollback in the decision tree to the logon page.
Then iRule event is not recommended. I know you find this one in an article from a F5 employee written in 2013. Everything that can be done with variable assign may be done with variable assign. irule event requires an external execution of code from access profile which add evaluation latency and variable cache issues.
here are variable assign expressions you can use instead of irules (use this variable assign order because flags expression uses trusted value)
session.custom.owa.trusted =
expr {[mcget {session.logon.last.pubpriv}] == "private" ? 4 : 0}
session.custom.owa.flags =
expr {[mcget {session.logon.last.lightversion}] == "yes" ? [mcget {session.custom.owa.trusted}]+1 : [mcget {session.custom.owa.trusted}] }
Even if you use irule event or the variable assign I provide, move all sso to the end of the decision tree. these variables are not required for authentication but only for SSO.