Forum Discussion
How to develop a second factor authentication plugin/extension?
Very new to BIG-IP
I am trying to port an extension for second factor authentication written for PingFederate.
There I have to create a jar and deploy it in PF. Then I can login as admin and configure it as a policy: Login using AD, on success, trigger my plugin which does the OTP and then allow access to the resource.
How do I do something similar in BIG-IP?
Is APM > AAA Servers the right way to do this?
APM is the right module for sure
but loading something like a jar is not something you do with F5 BIG-IP APM
you can create an access profile, and in the visual policy editor create your auth flow. first AD then your second factor authentication.
if that will work depends on the two factor "extension", is it fully custom? can it run somewhere separate where the F5 BIG-IP APM module can communicate with it?
this isn't something that is easy without some basic APM knowledge, can your F5 partner or distributor perhaps help?
- VKanwadeNimbostratus
Hi the extension is something I am building and yes it can be run on a separate tomcat.
I was able to get to a point where I created a pool, virtual server and access policy. but kind of stuck how to configure the policy to include it.
- Ahmed_GalalCirrostratus
for me Radius Auth is OTP server but first you need to configure Radius authentication server under APM module
- VKanwadeNimbostratus
I am trying to build my own extension. So instead of the SSO Credential Mapping step, I have added External Logon Page. But for some reason [ACCESS::policy result] is always not_started instead of in_progress.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com