Suppress MFA for a period of time

Problem this snippet solves: This code snippet can be used if you want to suppress MFA for a period of time. This solution uses an encrypted persistent cookie, that will be set at a successful MFA l...

Published Jul 16, 2019

Version 1.0

application delivery

BIG-IP Access Policy Manager (APM)

iRules

Security

Niels_van_Sluis

MVP

Joined May 16, 2019

View Profile

Niels_van_Sluis

MVP

Joined May 16, 2019

View Profile

Slayer001

Cirrus

Jul 19, 2019

Hi Niels,

I tried this iRule in our setup but it seems the HTTP_RESPONSE event is not hit when going to just the APM webtop after completing the VPE policy? When setting logging in this event it never gets triggered. I don't see the cookie appearing in the list of cookies.

Tried with HTTP_RESPONSE_RELEASE but that's already triggered when sending the session cookies back to the client which is to early.

Is there any other event that could be used?

Suppress MFA for a period of time

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS