Forum Discussion

eLeCtRoN's avatar
eLeCtRoN
Icon for Cirrus rankCirrus
Aug 26, 2024

F5 APM with TOTP iRule event with QR Code creation

Hello,

we have an topic F5 APM with TOTP iRule event with QR Code creation, we did user that from GIT https://github.com/isometry/f5-totp and it works fine at the moment with the datagroup for testing. In productive scenario we have to user the LDAP/AD to put a secret behind a user. So my question is, is it possible for convenience and self service for the user to generate a QR Code between the auth process from the F5 it self ? Without Google Authenticator and so on !!! My idea was to generate a QR code with the powershell

https://www.powershellgallery.com/packages/QRCodeGenerator/2.6.0 or to put the QR Code inside a unc path from the user. Is something possible or do we need an third party tool for example entraID, Microsoft Authenticator, Google Auth., RSA Auth. Manager (SecurID) and so on. Maybe someone has already implemented such a requirement. I saw there a java script for the QR code cration:

https://github.com/akhmarov/f5_otp/blob/master/docs/INSTALL.md#create-apm-hosted-content

Maybe it is possible an I could get some hints how could I find the best solution for that.

 

kind regards

 

application delivery
devops
security
  • Zdenek's avatar
    Zdenek
    Icon for Cirrus rankCirrus
    Aug 27, 2024

    Hi, yes you definitely can. I did it in the past.

    QR code is just URL "otpauth://totp/...." which keeps all the variables to be read by the cellphone.

    I found some javascript which is able to render QR code, I saved it to datagroup and created iRule which reads variables (secret, digits, issuer, etc..) from storage (in our case it was AD) and then I used iRule to respond HTML page with the javascript which used the variables.

    I dont have exact examples, but it was not that hard..