Certificate based user authentication to F5 APM
We need to test CBA authentication to F5 using PKI tokens. Instead of providing an AD username and password, the user inserts his token (holding the user certificate) into the client machine and provides the PIN to the token. Based on the user certificate present on the token, the user is authenticated to the F5 server.
I can see certificate based client server communication in documentation, but we want user authentication to F5 using certificate on token.
Please assist if the use-case we are trying to test is feasible with F5 or not. Provide us with configuration steps if you have some other vendor tokens already working with PKI, or please guide me with the same.
1 Reply
- amolari
Cirrostratus
F5 will be able to check the user certificate, but in no way whether it's on a token or not (this "info" is not available at all in the communication). Here it's a PKI policy that helps. You should have either:
- certificates on token are issued by a specific CA (higher assurance): the APM will check only client certs issued by that CA
- certificates on token have specific properties: the APM can check these properties (that will require an iRule)
Hopefully you have already deployed your certificates in a way that you can apply either 1) or 2).
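A sketch of the second option above, as an added example that is not part of the reply or F5's own code. It assumes the client SSL profile requests a client certificate, that token certificates carry a certificate policy OID (the value below is a constructed placeholder), and that `X509::extensions` returns an OpenSSL-style text rendering.

```tcl
# Added example, not from the thread. Assumptions: the client SSL profile
# requests a client certificate and trusts only the relevant CA bundle, and
# token certificates carry the policy OID below (constructed placeholder).
when RULE_INIT {
    set static::token_policy_oid "1.3.6.1.4.1.99999.1.1"
}

when CLIENTSSL_CLIENTCERT {
    # No certificate presented: refuse the connection.
    if { [SSL::cert count] == 0 } {
        log local0.warning "no client certificate from [IP::client_addr]"
        reject
        return
    }

    # Result of chain validation against the profile's trusted CA bundle.
    set vr [SSL::verify_result]
    if { $vr != 0 } {
        log local0.warning "client cert rejected: [X509::verify_cert_error_string $vr]"
        reject
        return
    }

    set cert [SSL::cert 0]

    # X509::extensions is assumed here to return an OpenSSL-style text dump
    # ("Policy: <oid>" on its own line). Compare whole lines so that a
    # longer OID sharing this prefix does not match.
    set on_token 0
    foreach line [split [X509::extensions $cert] "\n"] {
        if { [string trim $line] eq "Policy: $static::token_policy_oid" } {
            set on_token 1
            break
        }
    }

    if { !$on_token } {
        log local0.warning "cert [X509::subject $cert] lacks token policy OID"
        reject
    }
}
```

The check is only as strong as the PKI policy behind it: the OID shows what the CA asserted at issuance, so the CA must issue it solely for keys generated and held on tokens.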