For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

cymru81's avatar
cymru81
Icon for Altocumulus rankAltocumulus
Jun 11, 2014

APM and RSA

Hi, we use RSA for 2FA with BIG-IP APM. Gernerally logins work ok but then we do seem to get batches of users that are stuck in 'next tokencode' mode which asks you to wait for the code to change and re-enter. Unfortuantely this code is very rarely accepted and the token has to be re-synced via the RSA Auth Manager (which points to the issue being BIG IP not RSA). This 'next tokencode' also works fine with a legacy Firepass controller we have which also points to it being BIG IP. F5 support aren't forthcoming with the answer to this as well. Anyone else experienced this and no a fix? thanks.

 

application delivery
BIG-IP Access Policy Manager (APM)
deployment
management
performance
security

7 Replies

  • Kevin_Davies_40's avatar
    Kevin_Davies_40
    Icon for Nacreous rankNacreous
    Jun 11, 2014

    Suggest that you raise a case with F5 support. There are multiple factors in an APM configuration and without the whole configuration picture it would not hazard a guess as to what may be the problem here. It could be something simple or something much more in depth

     

  • cymru81's avatar
    cymru81
    Icon for Altocumulus rankAltocumulus
    Jun 12, 2014

    Unfortuantely I have done and was passed along to RSA who confirm they can see no issues and to contact the vendor of the appliance, so stuck in a loop really!

     

  • Kevin_Davies_40's avatar
    Kevin_Davies_40
    Icon for Nacreous rankNacreous
    Jun 12, 2014

    Suggest you go back to F5 and persist with them. It is their product and if you have support they are meant to help you resolve the issue.

     

  • cymru81's avatar
    cymru81
    Icon for Altocumulus rankAltocumulus
    Jun 12, 2014

    I may have to, though thought it was worth an ask on here... :)

     

  • TedSmith_143757's avatar
    TedSmith_143757
    Icon for Nimbostratus rankNimbostratus
    Oct 14, 2014

    Hi, just wondered if you ever got to the bottom of this? We seem to get way more next token code problems than we had with Firepass and often entering the next code doesn't seem to let people in and we need to manually resynchronize it. A tcpdump shows request going to the RSA server but no response when entering next code when it fails, but for 99% of people it works fine, so not a general connectivity issue by any means.

     

  • cymru81's avatar
    cymru81
    Icon for Altocumulus rankAltocumulus
    Oct 15, 2014

    Not really a resolution, we upgraded to the latest build of BIG IP/APM and the issue doesn't really occur any more!

     

  • Paul_Motton_637's avatar
    Paul_Motton_637
    Icon for Nimbostratus rankNimbostratus
    Oct 15, 2014

    Thanks for the reply, we are upgrading our APM's this evening so will check if this fixes the problems being experienced.