Manual Chapter:
Common Elements for the Visual Policy Editor in Access Policy Manager
Applies To:
BIG-IP APM
- 14.0.1, 14.0.0
When configured in a per-request policy subroutine, some screen elements and options described here might not be available.
- Max Logon Attempts Allowed
- Specifies the number of user authentication logon attempts to allow. A complete logon and password challenge and response is considered as one attempt. For a per-request policy subroutine, equivalent functionality is supported through subroutine settings.
- Show Extended Error
- When enabled, causes comprehensive error messages generated by the authentication server to display on the user's logon page. This setting is intended only for use in testing, in a production or debugging environment. If enabled in a live environment, your system might be vulnerable to malicious attacks. (When disabled, displays non-comprehensive error messages generated by the authentication server on the user's logon page.)
- Basic Auth Realm
- Specifies the authentication realm for use with Basic authentication.
- HTTP Auth Level
- Specifies the authentication required for the access policy.
- none - specifies no authentication.
- basic - specifies Basic authentication only.
- negotiate - specifies Kerberos authentication only.
- basic+negotiate - specifies either Basic or Kerberos authentication.
- Split domain from full username
- Specifies Yes or No.
- Yes - specifies that when a username and domain combination is submitted (for example, marketing\jsmith or jsmith@marketing.example.com), only the username portion (in this example, jsmith) is stored in the session variable session.logon.last.username.
- No - specifies that the entire username string is stored in the session variable.
- Logon Page Input Field #1
- Specifies the text to display on the logon page to prompt for input for the first field. When Language is set to en, this defaults to Username.
- Logon Page Input Field #2
- Specifies the text to display on the logon page to prompt for input for the second field. When Language is set to en, this defaults to Password.
- Complexity check for Password Reset
- Specifies whether Access Policy Manager (APM®) performs a password policy check. APM supports these Active Directory password policies:
- Maximum password age
- Minimum password age
- Minimum password length
- Password must meet complexity requirements
Because this option might require administrative privileges, the administrator name and password might be required on the AAA Active Directory server configuration page. Enabling this option increases overall authentication traffic significantly because APM must retrieve password policies using the LDAP protocol and must retrieve user information during the authentication process to properly check the new password.
- Resources
- Specifies static ACLs, Network Access resources, App Tunnels, and so on to assign to the selected groups. Any resource on the system can be assigned to a group. The system limits apply; for example, only one webtop should be assigned to a group.
- Store information about client software in session variables
- Specifies Enabled or Disabled.
- Continuously check the result and end the session if it changes
- Specifies Enabled or Disabled. When Enabled, if the client does not respond for five minutes, the server ends the session.
- Vendor ID
- Specifies a vendor ID (from the list of supported vendors) or Any.
- Product ID
- Specifies a product ID (from the list of supported products) or Any.
- MD5
- Specifies the MD5 checksum. An MD5 checksum provides easily computable verification of the identity of a file using a cryptographic hash algorithm. The MD5 checksum is a 32-digit hexadecimal value. For example, the checksum for a zero-byte file is always d41d8cd98f00b204e9800998ecf8427e.
- Size
- Specifies the size of the file in bytes. The default value is 0, which is the same as not specifying a size; a size of zero (0) is not verified. A zero-byte file is specified with the MD5 checksum for a zero-byte file in the MD5 field.
- Date
- Specifies the file last modified date. The date must be translated first to GMT, and then to a 24-hour clock.
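The MD5, Size, and Date fields described above can be derived from a reference copy of the file. The following is an added example, not F5 code: `file_check_values` computes the three values, and `matches` is a hypothetical helper that models the field semantics stated here (a size of 0 is never compared). The `YYYY-MM-DD HH:MM:SS` date layout is an assumption, because this page does not state the exact format.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone

EMPTY_MD5 = "d41d8cd98f00b204e9800998ecf8427e"  # zero-byte file, as stated above

def file_check_values(path):
    """Return the MD5, Size and Date values for one file."""
    md5 = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            md5.update(chunk)
    st = os.stat(path)
    # st_mtime is seconds since the epoch; render it in GMT on a 24-hour clock.
    mtime = datetime.fromtimestamp(st.st_mtime, tz=timezone.utc)
    return {
        "md5": md5.hexdigest(),                       # 32 hexadecimal digits
        "size": st.st_size,                           # bytes
        "date": mtime.strftime("%Y-%m-%d %H:%M:%S"),  # assumed layout
    }

def matches(expected, actual):
    """Model of the field semantics described above (hypothetical helper)."""
    if expected.get("md5") and expected["md5"].lower() != actual["md5"]:
        return False
    # Size 0 means "not specified", so it is never compared.
    if expected.get("size", 0) != 0 and expected["size"] != actual["size"]:
        return False
    if expected.get("date") and expected["date"] != actual["date"]:
        return False
    return True

def demo():
    """Build two constructed sample files and return their field values."""
    with tempfile.TemporaryDirectory() as tmp:
        empty = os.path.join(tmp, "empty.bin")
        data = os.path.join(tmp, "data.bin")
        open(empty, "wb").close()
        with open(data, "wb") as fh:
            fh.write(b"constructed sample content")
        os.utime(data, (1_700_000_000, 1_700_000_000))  # fixed mtime for the demo
        return file_check_values(empty), file_check_values(data)
```

Because MD5 collisions are practical to construct, a matching checksum identifies an unmodified file but is not proof against a deliberately forged one.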
You must have already configured the access profile to which you want to add OCSP authentication.