Forum Discussion

FirR3WaLL_32591
Oct 17, 2017

2FA AD + Radius

Hello,

I currently have my portal access secured with AD authentication (created using the wizard on BIG-IP 13). It's working perfectly fine and I can log in using my AD credentials.

In the meantime I configured a RADIUS server with Google Authenticator. So my username is @ and my password is only the 2FA code. I'm trying to add this to the authentication chain.

So the idea is that the user sees AD user / pass on the first screen and only the one-time password on the second screen. I've tried to introduce a RADIUS Auth block after AD Auth; however, this returns ACCESS-DENIED. What I think is going on is that the data from the first form (just username and AD password) is getting passed to RADIUS.

Correct me if I'm wrong, but is this what I need to do: create a login page after the AD Auth block that will ask me for the one-time password, somehow pass my username@domain from the previous login screen to that login page (even if I'm putting only the username in the box), and then pass it to the RADIUS server using RADIUS Auth?

Does anyone have an example of a similar setup? What I'm seeing mostly is iRules setups for Google Auth; however, I would like to utilize this external RADIUS server that is already serving many other requests.

Many thanks, Dariusz
