Forum Discussion
How to develop a second factor authentication plugin/extension?
Hi, the extension is something I am building, and yes, it can be run on a separate Tomcat.
I was able to get to a point where I created a pool, virtual server and access policy, but I am kind of stuck on how to configure the policy to include it.
For me, RADIUS Auth is the OTP server, but first you need to configure a RADIUS authentication server under the APM module.
- VKanwade, Nov 13, 2020, Nimbostratus
I am trying to build my own extension. So instead of the SSO Credential Mapping step, I have added an External Logon Page. But for some reason [ACCESS::policy result] is always not_started instead of in_progress.
- Ahmed_Galal, Nov 15, 2020, Cirrostratus
The SSO credential mapping step is not related to login; it only takes the username and password that the user entered on the logon page and passes them to the application page, so the user can access the application directly without entering credentials again.
If you want to configure an external logon page, you should configure it instead of the logon page at the beginning, but why do you want to configure an external logon page?
- VKanwade, Nov 19, 2020, Nimbostratus
The external logon page is not actually a logon page. It's a custom implementation of OTP (RSA Adaptive Authentication).
So the AD Auth actually does the authentication and then passes the username to the Tomcat server. The server talks to RSA AA, which tells which OTP method to use; the user finishes the OTP flow and is then redirected back to APM.
This is what I am trying to achieve.
Let me know if I am looking at this all wrong!
Thanks
- boneyard, Nov 20, 2020, MVP
Are you posting the required information back to the APM at the end of the external logon page?
https://techdocs.f5.com/en-us/bigip-16-0-0/big-ip-access-policy-manager-visual-policy-editor/access-policy-item-reference/about-logon-items/about-the-external-logon-page.html
I would start with something like this and do the AD stuff afterwards.
https://devcentral.f5.com/s/question/0D51T00006i7WriSAE/error-with-external-logon-page