Forum Discussion

Mush83
Sep 13, 2022

APM OTP authentication

We are using APM for OTP authentication. The problem is that there are a number of users who on purpose make the first registration using the username and password, then, after the OTP code arrives, they open another tab in the browser and request a new login, then a new OTP code is sent to them, and so on. How can I limit this by not allowing a new OTP code to be sent in the event that the first code is still active, for example, for a period of 3 minutes?

4 Replies

  • Hi,

    When APM creates an OTP code, you can save it in a table with the help of an iRule, so if a user tries to create another session, you are able to check whether the same user already has a session. If there is another OTP code, you can return a message that says something like "use OTP code sent previously".

    But this looks like an example of "wrong usage of computers" more than an APM problem. If I encountered the same problem, I would probably choose to put in a time limit which restricts users to one session in a certain time frame. When they open another one, I block them for a limited time, so evolution continues and people learn.

  • Mush83

    Thank you for your reply. Could you please let me know how to block a new session if there's already an initiated one?

  • Mush83

    Please can someone help me to prevent users from using 2-factor auth for a certain period of 3 min in case the first OTP code is sent to the user? I tried to find out the last user auth process using an iRule, but without any benefit.
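
One way to implement the table check suggested in the first reply, as an added example that is not code from the thread or from F5: an iRule on the APM virtual server, triggered by an iRule Event agent placed in the access policy before OTP Generate. The agent ID `otp_cooldown_check`, the subtable `otp_pending` and the `session.custom.*` variable names are assumptions chosen for this sketch.

```tcl
# Added example, not from the thread. Assumed names: agent ID
# "otp_cooldown_check", subtable "otp_pending", session.custom.* variables.
when ACCESS_POLICY_AGENT_EVENT {
    # Only react to the iRule Event agent placed before OTP Generate.
    if { [ACCESS::policy agent_id] ne "otp_cooldown_check" } { return }

    # Username collected by the logon page earlier in the policy. Keying on
    # the username makes the window apply across tabs, browsers and devices.
    set user [string tolower [ACCESS::session data get "session.logon.last.username"]]
    if { $user eq "" } { return }

    set window 180   ;# 3 minutes, the period asked for in the thread

    # Marker unique to this policy run, so we can tell who created the entry.
    set stamp "[clock clicks -milliseconds].[expr {rand()}]"

    # "table add" writes only when the key is absent and returns the value
    # that is stored afterwards, so check-and-insert is a single atomic step.
    # timeout = lifetime = $window: the entry expires 3 minutes after creation.
    set stored [table add -notouch -subtable otp_pending $user $stamp $window $window]

    if { $stored eq $stamp } {
        # No code outstanding for this user: let the policy send one.
        ACCESS::session data set "session.custom.otp_pending" 0
    } else {
        # A code was sent less than $window seconds ago: flag the session
        # and expose the remaining wait so a message box can display it.
        set left [table lifetime -subtable otp_pending -remaining $user]
        ACCESS::session data set "session.custom.otp_pending" 1
        ACCESS::session data set "session.custom.otp_wait" $left
        log local0. "OTP cooldown: $user already has a code pending, ${left}s left"
    }
}
```

In the Visual Policy Editor, a branch rule on the iRule Event agent such as `expr { [mcget {session.custom.otp_pending}] == 1 }` can route to a message box and a deny ending instead of OTP Generate.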