For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

THi's avatar
THi
Icon for Nimbostratus rankNimbostratus
Aug 23, 2013

APM local user database and OTP

Hi

 

Is there any way to add fields to the APM local user database? The local db was introduced back in 11.4 and it can have only user names, password and e-mail + group info. Is there any way to add more fields, like phone number for 2-factor authentication using built-in SMS OTP functionality?

 

This would be useful in certain situations for example giving stronger authentication for management access when normal authentication via AD is broken.

 

--THi

 

BIG-IP Access Policy Manager (APM)
security

2 Replies

  • Andrew_Husking's avatar
    Andrew_Husking
    Icon for Cirrus rankCirrus
    Sep 03, 2013

    I know it's not as pretty, but could you not use iRule datagroups to extend it as required?

     

    Sadly we haven't gone to 11.4 yet so i haven't seen the new features.

     

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Sep 03, 2013

    You can't add additional fields, but here's a thought. The group memberships section is really just arbitrary text, so you could add strings (as groups) like the following:

    sms_123_456_7890

    And then read them from the policy or iRules.

    when ACCESS_ACL_ALLOWED {
    log local0. [ACCESS::session data get session.localdb.groups]
}

    ** where "session.localdb.groups" is the destination session variable in the VPE Local Database agent.