The Burden of Federated Authentication

If you’ve ever had the pleasure to hear me rant on web access management, then you know I like to stress the difference between authentication and authorization. Authentication is the process of verifying a user’s identity, while authorization is the process of determining the level of access the user possesses for any given application and/or …

How to Monitor a TLS 1.0 Application

Overview: With the slew of SSL- and TLS-based vulnerabilities over the last two years, F5 administrators have been forced to become more cognizant of the encryption standards used in their environment. While disabling SSLv3 and TLSv1 is a critical step in securing your infrastructure, you may find yourself stuck with application servers that only support …

Hosting Static Content with an iRule and iFiles

If you didn't know about this feature, it is a neat trick to host maintenance pages. I've recently implemented this to host a static website on the BIG-IP without the need for a backend web server. The use case I'm looking at is for F5 training labs running in Google's Cloud Compute Engine via Ravello. We'll be running …

Password Resets and User Authenticity

With any application that requires authentication, you will inevitably run into password expiration and/or lockout issues that require a user to reset their password. I have seen organizations address this with a wide range of solutions, from homegrown programs all the way to multi-million dollar identity management frameworks. While both solutions will help a …