2FA authentication with SSO on APM

Question

Hi&nbsp;
i have configured two factor authentication with AD and RSA for users to connect to application on APM. but i need SSO configuration on APM to pass the AD credentials to application. the policy i have configured will change session.logon.last.password to password1 to pass the RSA token to RSA server.So how do i get actual AD password session ID to configure SSO.&nbsp;
Policy 
Logon page -- configured password1 as session variable for RSA--AD auth -- varible assign as below--RSA auth--SSO mapping - backend server
Variable assign
expr {[mcget session.logon.last.password1]}&nbsp;

lee_sutcliffe · Answer

You need to create a SSO Credential Mapping policy agent in the Visual Policy Editor, that takes the username and password from the logon page, and maps them to variables to be used for SSO services

psilva · Answer

Post of the Week Video of the question: &nbsp;
https://devcentral.f5.com/articles/post-of-the-week-two-factor-auth-and-sso-with-big-ip-29546&nbsp;
ps&nbsp;

siphe · Answer

Hi Lee, tried this but unfortunately it doesn't resolve the issue.

Forum Discussion

2FA authentication with SSO on APM

Recent Discussions

Big IP DNS Failover

AS3 Limitations

Diameter iRules attachment?

Help needed with iRule (connection closed log )

Use of SSL Decryption.

Related Content

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

Doing mTLS Authentication per URL

iControl REST Authentication Token Management

Application Programming Interface (API) Authentication types simplified

Two-Factor Authentication With Google Authenticator And APM

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS