NimbostratusHi,
I have a default access profile used for SharePoint. I'd like login attempts to go to a password reset page we have, when F5 detects the Active Directory password has expired (can it do this?).
And then when the user clicks the submit button on this F5 page, it goes into the requested SharePoint site.
Would this be possible?
Thanks
Yes, this should be the default behavior with the "Web Access Management" / "LTM+APM" (both mean the same thing) type of deployment.
The Access Policy woudld simply be:
Start -> Logon Page -> AD Auth-(success)--> Allow
\----(fallback)--> Deny
I recommend strongly to read the APM Operations Guide to understand the different ways to use APM, it has a lot of options.
https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/f5-apm-operations-guide.html
NimbostratusLooks like that's the access policy we have in place. I clicked edit endings, and then selected deny, and it looks like for deny, I can enable a redirect to my password reset page and there's a checkbox to keep the session open, so from the reset page and via code, I should be able to get the original url the user requested.
However, deny could be for a number of reasons, such as incorrect password, or is deny just due to an expired password?