Forum Discussion
eLeCtRoN
Cirrus
CirrusF5 APM with TOTP iRule event with QR Code creation
Hello,
we have an topic F5 APM with TOTP iRule event with QR Code creation, we did user that from GIT https://github.com/isometry/f5-totp and it works fine at the moment with the datagroup for testing. In productive scenario we have to user the LDAP/AD to put a secret behind a user. So my question is, is it possible for convenience and self service for the user to generate a QR Code between the auth process from the F5 it self ? Without Google Authenticator and so on !!! My idea was to generate a QR code with the powershell
https://www.powershellgallery.com/packages/QRCodeGenerator/2.6.0 or to put the QR Code inside a unc path from the user. Is something possible or do we need an third party tool for example entraID, Microsoft Authenticator, Google Auth., RSA Auth. Manager (SecurID) and so on. Maybe someone has already implemented such a requirement. I saw there a java script for the QR code cration:
https://github.com/akhmarov/f5_otp/blob/master/docs/INSTALL.md#create-apm-hosted-content
Maybe it is possible an I could get some hints how could I find the best solution for that.
kind regards
ZdenekCirrostratus
Hi, yes you definitely can. I did it in the past.
QR code is just URL "otpauth://totp/...." which keeps all the variables to be read by the cellphone.
I found some javascript which is able to render QR code, I saved it to datagroup and created iRule which reads variables (secret, digits, issuer, etc..) from storage (in our case it was AD) and then I used iRule to respond HTML page with the javascript which used the variables.
I dont have exact examples, but it was not that hard..
eLeCtRoNHi Zdenek,
take just a look at this page maybe you can remember that it was this way !?
https://github.com/akhmarov/f5_otp
kinde regards
- Zdenek
No I didnt use iRule LX for this