Forum Discussion
2 Replies
- Lucas_Thompson_Historic F5 Account
Yes, this should be the default behavior with the "Web Access Management" / "LTM+APM" (both mean the same thing) type of deployment.
The Access Policy woudld simply be:
Start -> Logon Page -> AD Auth-(success)--> Allow \----(fallback)--> Deny
I recommend strongly to read the APM Operations Guide to understand the different ways to use APM, it has a lot of options.
https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/f5-apm-operations-guide.html
- Gurdip_Sira_172Nimbostratus
Looks like that's the access policy we have in place. I clicked edit endings, and then selected deny, and it looks like for deny, I can enable a redirect to my password reset page and there's a checkbox to keep the session open, so from the reset page and via code, I should be able to get the original url the user requested.
However, deny could be for a number of reasons, such as incorrect password, or is deny just due to an expired password?