Jeremi
Jan 30, 2019

F5 APM logon page redirecting to a second F5 APM

Hello all,

 

I am trying to achieve the following flow:
- A first F5 (external) showing a logon page with RADIUS authentication (OTP behind), which redirects to the second F5
- A second F5 (internal) showing a logon page with RADIUS authentication (internal logon and password) to access resources

 

On the first F5, I just put a single "Logon Page" and "Radius Auth" in the VPE.

 

My issue is when I authenticate on the first F5, the second F5 doesn't display the logon form. It says "invalid session ID" (redirect "my.logout.php3?errorcode20").

 

I guess somewhere the second F5 detects the session from the first F5 and doesn't find any reference to it on itself.

 

Note: I use the same cookie domain on both F5s. I also tried a blank one, but with no luck.

 

Any idea how to fix it?

 

Thanks

 

2 Replies

  • Hi,

     

    In your case, the problem is the architecture deployed to reach your service. There are indeed solutions to overcome your problem, but why make it complicated when you can keep it simple?

     

    First, avoid cascading APM policies.

     

    So for your External Services (External Users), implement this policy:

     

    • External F5: create a basic VS without an APM policy that just forwards the flow to the internal VS.

       

    • Internal F5: create a policy with RADIUS auth + AD auth. This internal VS can be reached only from outside (External F5).

       

    So for your Internal Services (Internal Users), implement this policy:

     

    • Internal F5: create a policy with AD auth. Internal DNS will forward users to this VS instead of the external VS.

    Hope it's clear for you. Keep me posted.