How to develop a second factor authentication plugin/extension?
Very new to BIG-IP
I am trying to port an extension for second factor authentication written for PingFederate.
There I have to create a jar and deploy it in PF. Then I can log in as admin and configure it as a policy: log in using AD, on success, trigger my plugin, which does the OTP, and then allow access to the resource.
How do I do something similar in BIG-IP?
Is APM > AAA Servers the right way to do this?
- VKanwade (Nimbostratus)
Hi, the extension is something I am building, and yes, it can be run on a separate Tomcat.
I was able to get to a point where I created a pool, virtual server and access policy, but I am kind of stuck on how to configure the policy to include it.
- Ahmed_Galal (Cirrostratus)
For me, RADIUS Auth is the OTP server, but first you need to configure a RADIUS authentication server under the APM module.
Are you posting the required information back to the APM at the end of the external logon page?
https://techdocs.f5.com/en-us/bigip-16-0-0/big-ip-access-policy-manager-visual-policy-editor/access-policy-item-reference/about-logon-items/about-the-external-logon-page.html
I would start with something like this and do the AD stuff afterwards:
https://devcentral.f5.com/s/question/0D51T00006i7WriSAE/error-with-external-logon-page
APM is the right module for sure,
but loading something like a jar is not something you do with F5 BIG-IP APM.
You can create an access profile, and in the visual policy editor create your auth flow: first AD, then your second factor authentication.
Whether that will work depends on the two-factor "extension": is it fully custom? Can it run somewhere separate where the F5 BIG-IP APM module can communicate with it?
This isn't something that is easy without some basic APM knowledge. Can your F5 partner or distributor perhaps help?