Forum Discussion

Demeter_Luo's avatar
Demeter_Luo
Icon for Nimbostratus rankNimbostratus
Jul 14, 2017

APM two-factor authentication issues.

Hello All

 

I have a APM used two-factor authentication ,The first is AD auth and the second is DUO auth.Have been able to used two-factor authentication.

 

My question is below:

 

When the user used the VPN and then exit the F5 edge client.

 

"After one hour".The user to login the F5 edge client again.

 

I need the user to automatically skip AD authentication, only perform DUO authentication.

 

If more than one hour, The users need to perform all the two-factor authentication.

 

So. How to configurtion my APM ,To login again in one hour, only perform DUO authentication.?

 

Thanks again everyone.

 

  • This would be quite tricky as you would need to record when a user has authenticated to determine if they have previously logged in within the last hour. APM does not native way of checking if a user has previously authenticated When a user logs off, the session is terminated and APM no longer holds session variables, so the only things I can think of are: Have something on the client that can be read using a client side check. Or, use an irule to write the username and a timestamp to the session table. Based on the presence of this information you can make a decision on what AAA method to use.