Forum Discussion
Josiah_39459
Mar 01, 2016Historic F5 Account
Well, that depends. Do you have any logic to decide if a given session should be checked against localdb vs ldap? Such as source ip? If you have any logic, then certainly, you can add an Empty box and configure the Branch Rules to split between the auth methods you want.
If you have no logic to distinguish one from the other, you could always just do them via priority. For example, send them to localdb first, and if they fail (the fallback branch), send them through ldap. Then if they fail both, they get denied. But if they pass at least one they get allowed.
- hurricane1983_2Mar 01, 2016NimbostratusHi Josiah, I want to split these authentication methods. yes i think using an empty box but i am not sure that where i will add it in my policy . should i use the box after login page and what i need to identify expression for local database .to split between the auth. method. i can only find session.localdb.groups expression for local db. many thanks,