Forum Discussion

Nimbostratus

Sep 13, 2022

APM OTP authentication

We are using APM for OTP authentication , The problem is that there are a number of users who on purpose make the first registration using the username and password, then after the OTP-code arrives, ...

apm otp

application delivery

Torijori_Yamamada

Cirrus

Sep 14, 2022

Hi,

When APM creates an OTP code you can save it on a table with help of an iRule so if user try to create another session, you can able to check whether same user have a session already. If there is another OTP code, so you can return a message that says like "use OTP code sent previusly".

But this looks like an example of "wrong usage of computers" more than an APM problem. If i encounter same problem, i probably choose to put a time limit which restrict users have one session in a certain time of frame. When they open another one, i block them for a limited of time, so evolution continues and people learn.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

APM OTP authentication

Recent Discussions

how to whitelist new source IP on F5 web UI access

F5 to read a combined CRL file

Upgrade F5 BIGIP

ISP Load Balancing, SNAT pool instead of Automap link self-ip, anyway to do health check ?

MAC address of deleted VS IP address still responsive

Related Content

APM Cookbook: Two-Factor Authentication using YubiKey OTP with iRulesLX.

AD Authentication and Local DB Authentication in APM

Brute Force protection for single parameter like OTP

APM Sharepoint authentication v2

APM Clientless certificate authentication

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS