Forum Discussion
F5 APM Google Authenticator
I'm looking to implement two-factor authentication in front of a webtop.
I would like to have the option to enroll users who do not have a shared secret stored for the 2FA when they first log in.
Following the below guide is troublesome as links to the example iRule source code return 404.
https://devcentral.f5.com/s/articles/two-factor-authentication-with-google-authenticator-and-apm
Are there any modern resources for implementing Google Authenticator / 2FA (TOTP/HOTP) on BIG-IP 14+?
This seems like a very simple feature and it is puzzling why it isn't just a check-box in APM.
As far as I know there is not yet a solution available that will give you the option to enroll users that don't have a shared secret stored. Here are some links that will give you more information about the implementation that George Watkins created:
https://loadbalancing.se/2016/07/09/setting-up-apm-with-google-authenticator/
https://f5-agility-labs-iam.readthedocs.io/en/latest/class9/module5/lab1.html
There is also another implementation available that has more focus on security. See:
https://devcentral.f5.com/s/articles/apm-google-authenticator-http-api-914
- zchriss
Altostratus
Hi Niels,
The top link (https://loadbalancing.se/2016/07/09/setting-up-apm-with-google-authenticator/) was exactly what I was looking for. It seems to mostly follow George Watkins' guide and, more importantly, has a copy of the iRules. Thanks!
I have seen enrollment done here, and the video does make it look very polished:
https://www.youtube.com/watch?v=mFmx4TDWyD0
Again, it seems like there are no copies of the iRules anywhere. Which is a shame!
Cheers,
Chris
Hi Chris,
Nice feature! The iRules for auto enrollment seem to be located here:
https://github.com/codygreen/F5-MFA
Kind regards,
--Niels
- gpetricca
Nimbostratus
Hi all,
About the codygreen solution using iRules LX for self-enrollment, do you know where to find the corresponding APM policy?
I'm trying to reverse-engineer the code, but it's difficult for me to build the policy flow.
Thanks!
Cheers,
Gabriele.