Forum Discussion
sfntauth_180479
Nimbostratus
NimbostratusCertificate based user authentication to F5 APM
We are in need to test CBA authentication to F5 using PKI tokens.
Instead of proving AD username and password, user inserts his token(Having user certificate) to client machine and provides pin to th...
amolari
Cirrostratus
CirrostratusF5 will be able to check the user certificate but in no way if it's on a token or not (this "info" is not available at all in the communication). Here it's a PKI policy that helps. You should either have
- certificates on token are issued by a specific CA (higher assurance): the APM will check only client certs issued by that CA
- certificates on token have specific properties: the APM can check this properties (that will require an iRule)
Hopefully you have already deployed you certificates in a way that you can apply either 1) or 2)
