Authentication as endpoint check?

Question

I need to have two factor (RADIUS and AD) authentication for users accessing one virtual host and one factor (AD only) authentication for users accessing another virtual host.  It seems that the only way to have two-factor authentication is to enable secondary AD password authentication globally.  This means that the logon page for all Master Groups (dynamically mapped from virtual host) will show two password fields, even if the Master Group has only one form of authentication configured.&nbsp;
&nbsp;I'm wondering if I can build a prelogon inspection to prompt for RADIUS password if the user comes in on a particular virtual host.  &nbsp;
&nbsp;For instance, if a user goes to VirtualHostA then he gets a prompt for RADIUS authentication.  On Success, he gets the normal FirePass logon page with one password field - using AD authentication.  On Fail, he gets the Login Denied page.
&nbsp; 
&nbsp;If a user goes to VirtualHostB then he goes straight to normal FirePass logon page with one password field using AD authentication.&nbsp;
&nbsp;Has anyone had any experience with this?

fuzz_31058 · Answer

The ability to display the additional domain password field per Landing URI is another option. I believe this was added in 6.0.2 I have attached a screen capture.

matt_64003 · Answer

Thanks Fuzz.  I found this option in the new code and it is exactly what I needed.

Forum Discussion

Authentication as endpoint check?

Recent Discussions

AS3 Limitations

Help needed with iRule (connection closed log )

Use of SSL Decryption.

VLAN Failsafe Functionality

FTP PASV mode to Extended Passive mode

Related Content

List of F5 iControl REST API Endpoints

Apache Airflow Unsafe API Endpoint

Cisco ACI Endpoint Learning with a BIG-IP HA Failover

BIG-IP Next Automation: Working with the AS3 API endpoints

F5 Cloud Failover Extension (CFE), private endpoints, and custom DNS

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS