hurricane1983_2
Mar 01, 2016

Multiple AAA Server Auth. in a policy

Hi,

Is it possible to identify local user auth. and LDAP auth. in a policy without a decision box? I do not want to show users any decision box choice. We need to give access to our LDAP users and 3rd-party users from outside to company resources. Is it possible to do that with an empty box?

Thanks,

2 Replies

  • Josiah_39459
    Historic F5 Account

    Well, that depends. Do you have any logic to decide if a given session should be checked against localdb vs ldap? Such as source ip? If you have any logic, then certainly, you can add an Empty box and configure the Branch Rules to split between the auth methods you want.

     

    If you have no logic to distinguish one from the other, you could always just do them via priority. For example, send them to localdb first, and if they fail (the fallback branch), send them through ldap. Then if they fail both, they get denied. But if they pass at least one they get allowed.

     

    • hurricane1983_2
      Hi Josiah, I want to split these authentication methods. Yes, I think using an empty box, but I am not sure where I will add it in my policy. Should I use the box after the login page, and what expression do I need to identify for the local database to split between the auth. methods? I can only find the session.localdb.groups expression for local db. Many thanks,