APM Configuration With Authentications Against Priority ERP & Duo MFA

Question

Hi Team,I have the following scenario and I am looking for ways to implement DUO MFA via APM:Customer have Priority ERP On-Prem Server with SQL DB, users that connect to Priority login page are authenticated locally with SQL query. I know that SQL query is not supported by big-ip to authenticate users. Now we want to add DUO 2FA to login.I have followed the arcitle&nbsp;APM Configuration to Support Duo MFA using iRule&nbsp;and was wondering if there is a way to implament the solution with my scenario? I tried with AD Authentication and it works perfect. The problem is as i mentioned users authenticate localy at the server.The issue is what are my options for First Authentication Factor? I need a way for APM first to pass the user to Priority logon page and after successfull login redirect to DUO 2FA. I have tried to configure "External Logon Page" BUT encountered an endless loop between https:/APM_URL/.my.policy and the logon page.Can anyone advise which options I have with APM to implament the solution?&nbsp;Kind Regards,Max

maxt · Answer

I have tried but there is an issue with customers application, we end up with a redirect loop.

I have wrote an sideband connection iRule to do POST request with users credentials and check the status code from the server.

It works perfectly.

maxt · Answer

I found a solution but getting a hard time to write the right iRule.

I can make API call to the server with iRule sideband Connection to make POST with users credentials.

The flow will be:

https://APM_PORTAL_LOGON/.my.policy ------ > user POST credentials ------- > sideband iRule Event to collect users credentials and POST to server for validation ----- if GOOD proceed to DUO.

Does anyone has iRule sideband connection to validate users credenials ?

momahdy · Answer

Hi Maxt,
Have you tried using External Logon page ? https://techdocs.f5.com/en-us/bigip-15-0-0/big-ip-access-policy-manager-visual-policy-editor/access-policy-item-reference/about-logon-items/about-the-external-logon-page.html

Forum Discussion

APM Configuration With Authentications Against Priority ERP & Duo MFA

3 Replies

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

SSL Bridging and FQDN rewrite Policy

After upgrading from PeopleTools 8.59.11 to 8.61.11 F5 APM is not rewriting the internal URLs

Could not communicate with the system. Try to reload page.

F5 BIG IP laboratory license

F5 mssql health monitor failing

Related Content

Configuring APM Client Side NTLM Authentication

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

Configuring Smart Card Authentication to BIG-IP Management Interface

iControl REST Authentication Token Management

Doing mTLS Authentication per URL

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS