Is network access bypassing APM logon pages?

ThomasP
Nimbostratus

Hello,

Maybe it's a stupid question but I've been wondering about it for a while without finding a proper answer.

Usually, you can either access your web apps remotely through APM or you can use an SSL VPN connection to have full network access.

Recently when I was connected to the VPN (BigIP Edge Client), I tried to access different web apps through APM in order to test some APM workflows (vpe config) and I noticed I was somehow bypassing the APM logon pages: actually I was able to access the web apps without having the APM logon pages.

Maybe these were silly tests but still I'm wondering: what happened?

I used an iRule to have verbose logs, and I saw that my VPN session ID was being used when accessing these web apps.

Is there any credential forwarding? How does it work?

Thank you

Thomas

1 ACCEPTED SOLUTION

PeteWhite
F5 Employee

If APM is being the gatekeeper then if you have a VPN session then you are authenticated. If you then want to access the app then you are already authenticated with APM.

ThomasP
Nimbostratus

Thank you Pete for your reply.

In that case, it seems that the APM checks (AD query for example) and variable assignments are bypassed, right? Is there any solution for these?

Thank you

Hi Thomas, take a look at https://techdocs.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-sso-13-0-0/20.html and possibly https://devcentral.f5.com/s/articles/apm-full-step-up-authentication-903