Forum Discussion

David_Glasgow_1
Sep 30, 2013

2nd Factor of Authentication for documents within Sharepoint

Hi All,

We are currently evaluating an F5 licensed for LTM and APM. We are wanting to publish our internal SharePoint intranet via this platform, which we have managed to do using the various guides.

The next requirement we have is to introduce a second factor of authentication for URLs within the site.

As an example:

https://sharepoint.example.com would require a username and password.

However, if you were to click on a link that took you to https://sharepoint.example.com/documents/... you would be required to authenticate using a second factor, in this case against a RADIUS server.

Could someone please point me in the right direction of how I could complete this?

Thanks, David

1 Reply

The short answer is that this is not an easy thing to do. The APM access policy only evaluates once at the beginning of the session, so to cause any sort of re-validation, you essentially have to dump the existing session and start a new one. The new ACCESS::policy evaluate command would technically allow you to do some post-policy processing, but only does so in clientless mode, so there is no opportunity to display a logon page.

There are, potentially, two other options:

1. Use LTM and iRules to generate an RSA token logon page (not an APM logon page), then submit that data via ACCESS::policy evaluate. I haven't tested this idea, but it should work.

2. There is a technique that allows you to store relevant information from the current session into a short-lived session table entry, delete the old session, start a new one, and then dump the old data into the new access session. Not the most intuitive thing in the world, but certainly an option.
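A sketch of option 2 as an iRule, added here as an illustration and not code from the reply's author or from F5. It assumes the access policy has a branch that checks session.custom.stepup and routes to a RADIUS Auth agent, and that the StepUpKey cookie name and the /documents/ path are placeholders.

```tcl
# Added illustration of option 2 (not from the thread or from F5 docs):
# stash a value from the current APM session in the session table, remove the
# session, and let the fresh session re-run the policy with a step-up marker.
# Assumptions: the access policy branches on session.custom.stepup to a
# RADIUS Auth agent; the cookie name and path below are placeholders.

when RULE_INIT {
    set static::stepup_path "/documents/"
    set static::stepup_ttl  60   ;# seconds the stashed data may live
}

when ACCESS_ACL_ALLOWED {
    # Only the protected path triggers step-up, and only once per session
    if { [string tolower [HTTP::path]] starts_with $static::stepup_path } {
        if { [ACCESS::session data get "session.custom.stepup"] ne "1" } {
            # Key the stash by the old session id: only this client knew it
            set key [ACCESS::session sid]
            table set -subtable stepup $key \
                [ACCESS::session data get "session.logon.last.username"] \
                $static::stepup_ttl
            ACCESS::session remove
            # Send the client back to the same URL; APM starts a new session
            HTTP::respond 302 Location [HTTP::uri] \
                "Set-Cookie" "StepUpKey=${key}; path=/; Secure; HttpOnly"
        }
    }
}

when ACCESS_SESSION_STARTED {
    # A new session presenting a valid stash key is a step-up continuation.
    # The stashed username is a hint only: the policy still authenticates.
    set key [HTTP::cookie value "StepUpKey"]
    if { $key ne "" } {
        set user [table lookup -subtable stepup $key]
        if { $user ne "" } {
            ACCESS::session data set "session.custom.stepup" 1
            ACCESS::session data set "session.custom.prev_user" $user
            table delete -subtable stepup $key
        }
    }
}
```

Because the marker is only set from a stash entry that expires after stepup_ttl seconds and is deleted on first use, a session that reaches the protected path without having passed the RADIUS branch is always sent through the second factor first.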