Forum Discussion

hurricane1983_2

Nimbostratus

Mar 01, 2016

Multiple AAA Server Auth. in a policy

Hi, Is it possible to identfy a local user aut. and ldap aut. in a policy without decision box. I do not want to show users any decision box choice.We need to give access to our ldap users and 3...

application delivery

BIG-IP Access Policy Manager (APM)

Josiah_39459

Historic F5 Account

Mar 01, 2016

Well, that depends. Do you have any logic to decide if a given session should be checked against localdb vs ldap? Such as source ip? If you have any logic, then certainly, you can add an Empty box and configure the Branch Rules to split between the auth methods you want.

If you have no logic to distinguish one from the other, you could always just do them via priority. For example, send them to localdb first, and if they fail (the fallback branch), send them through ldap. Then if they fail both, they get denied. But if they pass at least one they get allowed.

hurricane1983_2
Nimbostratus
Mar 01, 2016
Hi Josiah, I want to split these authentication methods. yes i think using an empty box but i am not sure that where i will add it in my policy . should i use the box after login page and what i need to identify expression for local database .to split between the auth. method. i can only find session.localdb.groups expression for local db. many thanks,

Forum Discussion

Multiple AAA Server Auth. in a policy

Recent Discussions

AS3 Monitoring multiple ports selectively

Open Redirection Mitigation

Portal Access to HTTPS resources slow

How to Implement 2 Way SSL in F5 LTM

Azure DP-100 Exam Questions

Related Content

Reviewing vulnerability scanner results for an Access Policy Manager (APM) protected Virtual Server

Auditing Security Policy Updates

Minimizing Security Complexity: Managing Distributed WAF Policies

Virtual server security policy

Multiple server with one VS