Forum Discussion

giokupra_349354
Apr 05, 2018

Exchange iApp credential caching

Hi everyone,

I configured Exchange server access using the standard F5 iApp template. When a user changes their password in Active Directory, ActiveSync and Outlook still work with the old password for about an hour. Web access works properly with the new password and does not accept the old password. We want the old password to stop working immediately.

Any suggestions?

 

4 Replies

  • Hello giokupra,

    Is AS and OA access done through APM policies?

    Regards

     

  • So I suppose that when you access the services you meet the different criteria of your APM policy:

    -> Basic auth for AS

    -> NTLM for OA

    Then the SSO triggers based on your initial authentication when accessing the APM policy. If the user changes his pwd during an AS session (for example), he will send his old pwd to Exchange AS, and it will cause SSO to be disabled in the APM session. Since you are connected to your session, it does not ask you to authenticate until timeout.

    You can reduce the APM session timeout or, if it is possible, make an iRule that allows deleting the current session if the SSO fails. This will reinstate the session and the pwd will be requested again...

    Regards

     
