Forum Discussion
APM Configuration With Authentications Against Priority ERP & Duo MFA
Hi Team,
I have the following scenario and I am looking for ways to implement DUO MFA via APM:
The customer has a Priority ERP on-prem server with a SQL DB; users that connect to the Priority login page are authenticated locally with a SQL query. I know that SQL query is not supported by BIG-IP to authenticate users. Now we want to add DUO 2FA to the login.
I have followed the article APM Configuration to Support Duo MFA using iRule and was wondering if there is a way to implement the solution with my scenario? I tried with AD Authentication and it works perfectly. The problem is, as I mentioned, users authenticate locally at the server.
The issue is what are my options for the First Authentication Factor? I need a way for APM first to pass the user to the Priority logon page and after a successful login redirect to DUO 2FA. I have tried to configure "External Logon Page" BUT encountered an endless loop between https://APM_URL/.my.policy and the logon page.
Can anyone advise which options I have with APM to implement the solution?
Kind Regards,
Max
- maxt
Altocumulus
I found a solution but am having a hard time writing the right iRule.
I can make an API call to the server with an iRule sideband connection to make a POST with the user's credentials.
The flow will be:
https://APM_PORTAL_LOGON/.my.policy ------ > user POSTs credentials ------- > sideband iRule event to collect the user's credentials and POST to server for validation ----- if GOOD proceed to DUO.
Does anyone have an iRule sideband connection to validate users' credentials?
- momahdy
Employee
Hi Maxt,
Have you tried using the External Logon page? https://techdocs.f5.com/en-us/bigip-15-0-0/big-ip-access-policy-manager-visual-policy-editor/access-policy-item-reference/about-logon-items/about-the-external-logon-page.html
- maxt
Altocumulus
I have tried but there is an issue with the customer's application, we end up with a redirect loop.
I have written a sideband connection iRule to do a POST request with the user's credentials and check the status code from the server.
It works perfectly.
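The sideband check described in this thread, sketched as an added example (it is not maxt's iRule and not F5's code). Assumptions, all hypothetical: an iRule Event agent with ID `priority_auth` placed after the APM logon page, a helper virtual server `/Common/priority_sideband_vs` that applies a server SSL profile toward the ERP (the sideband `connect` command does not do TLS itself), a login path `/login` with form fields `user` and `pass`, a host name `priority.example.internal`, and an HTTP 200 response meaning the credentials were accepted.

```tcl
# Added example; agent ID, virtual server, host, path, field names and the
# session variable session.custom.priority.auth_ok are all hypothetical.
when ACCESS_POLICY_AGENT_EVENT {
    if { [ACCESS::policy agent_id] ne "priority_auth" } { return }

    # Fail closed: the policy branch proceeds to Duo only when this is 1.
    ACCESS::session data set session.custom.priority.auth_ok 0

    set user [ACCESS::session data get session.logon.last.username]
    set pass [ACCESS::session data get -secure session.logon.last.password]
    if { $user eq "" || $pass eq "" } { return }

    # URL-encode both values so special characters in a password
    # cannot change the structure of the form body.
    set body "user=[URI::encode $user]&pass=[URI::encode $pass]"
    set req "POST /login HTTP/1.0\r\nHost: priority.example.internal\r\n"
    append req "Content-Type: application/x-www-form-urlencoded\r\n"
    # string length counts characters; this assumes ASCII-only credentials.
    append req "Content-Length: [string length $body]\r\nConnection: close\r\n\r\n$body"

    set conn [connect -timeout 1000 -idle 5 -status cstat /Common/priority_sideband_vs]
    if { $cstat ne "connected" } {
        log local0.warning "Priority sideband connect failed: $cstat"
        return
    }
    send -timeout 1000 -status sstat $conn $req
    set resp [recv -timeout 3000 -status rstat $conn]
    close $conn

    # Accept only an explicit 200 status line; timeouts, redirects and
    # error responses all leave auth_ok at 0. Never log the password.
    if { [regexp {^HTTP/1\.[01] 200 } $resp] } {
        ACCESS::session data set session.custom.priority.auth_ok 1
    } else {
        log local0.info "Priority first factor rejected for $user"
    }
}
```

In the Visual Policy Editor, the branch after the iRule Event would test `expr { [mcget {session.custom.priority.auth_ok}] == 1 }` and send only that branch on to the Duo step; the fallback branch ends in Deny.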