F5-Geek
Feb 12, 2018Nimbostratus
BIG IP APM
I am working on a project as the requirement , the BIG IP APM would authentication and authorization.
As per the policy, the user would do ldap authentication and ldap query , after ldap query the us...
I'd advise a rethink. You shouldn't be sending back the password to the browser (Ye you can argue that it's no more insecure than sending it from the client in the first place, but I'd counter that with the fact the client already has it, so don't add to the complexity by sending it back). If your BigIP is doing the A&A I don't see why you think it should be.
And what's the LDAP query for? (Auth with LDAP typically doesn't use a query).