Forum Discussion
NimbostratusFirepass to APM migration
Hi,
We are migrating Firepass to the BIGIP APM...
Question: Currently, Firepass is providing clients with following single login page username= domain password= secure authentication=
Once the client provides all the information on the same page he/she is allowed to gain access to the corporate assets.
I am having difficulty in implementing the same in APM, As after logon page, the APM is giving option to select one authentication server...How can i implement the same firepass behavior in APM.
Thanks
4 Replies
amolariCirrostratus
you can add additional fields to the default username/password in the logon page action. Then, you could perform multiple auth in the VPE such as AD auth and Radius and use there the corresponding variables you've used in the logon page.
WUM_113639Hi amolari,
Thanks you for your response... I appreciate your help!
But, our situation is a little different, we have Firepass currently doing authentication for all the VPN users on one logon page ....
Users enter username, AD password and RSA token on the same logon page and get authenticated.
In APM I do not see this option, I need your help in configuring the policy so that we have the same scenario in F5 APPM, where the user is given one logon page for both AD and RSA password verification.
- amolari
modify the APM logon page to have 3 fields (default is 2), each has its session variable. In the VPE, after the logon page, perform an AD auth action with sessin variables from field 1+2 and after that a Radius (or SecurID) auth with fields 1+3.
theXfactor82_91Both AD and SecurID use the same session variable so you'll have to setup a new variable as indicated in the post below. This worked for me.
My policy looks like..
Logon Page > Variable Assign > SecurID > Variable Assign > AD Auth > Successful
https://devcentral.f5.com/questions/bigip-apm-ad-rsa-auth
