Password Resets and User Authenticity

With any application that requires authentication you will inevitably run into a password expiration and/or lockout issues that requires a user to reset their password. I have seen organizations address this with a wide range of solutions from home grown programs all the way to multi-million dollar identity management frameworks. While both solutions will help a … Continue reading Password Resets and User Authenticity →

302 vs 307: All about the POST

Recently I was helping a customer address a multi-factor authentication bug where the 3rd party MFA solution would post the username and temporary token back to APM via the wrong URL. While we worked with the partner to address this bug the customer needed a work around in the meantime... perfect time for an iRule! For … Continue reading 302 vs 307: All about the POST →

BIG-IP Troubleshooting 101

When you work with any technology there reaches a point where the "it's a black box" approach is no longer valid and you have to dig in a little deeper and understand how the product works. With F5 BIG-IP this means understanding how traffic flows through the appliance and how to monitor and watch it. … Continue reading BIG-IP Troubleshooting 101 →

Clustered Multi-processing (CMP) versus Traditional Shared Memory Architecture

Over on DevCentral Robert Haynes has posted a great article outlining the advantages of F5's clustered multiprocessing (CMP) architecture versus traditional shared memory architecture. So why does this matter? Because attacks today are designed to stress the performance of security devices and bring them to their knees. If your architecture is designed correctly then it … Continue reading Clustered Multi-processing (CMP) versus Traditional Shared Memory Architecture →

SAML – Client versus Server Authentication with F5 APM

As organizations start to utilize Software as a Service (SaaS) the concern on how to authenticate users becomes a critical security issue. Many organizations look to federated authentication mechanisms, such as SAML, to help address this security risk. The benefits of using SAML are that user credentials are not replicated across each vendor cloud instance … Continue reading SAML – Client versus Server Authentication with F5 APM →

APM Cookbook: Multiple Domain Authentication – Part 1

I posted a new series on DevCentral regarding ways F5's Access Policy Manager can facility authenticating users from multiple domain sources. This post is part 1 of 4 and the series will cover some cool topics like home realm discovery and automatic domain detection.