For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Anthony_Reddy_2's avatar
Anthony_Reddy_2
Icon for Nimbostratus rankNimbostratus
Jun 28, 2016

How to hardcode or customize the logon page to proceed for RADIUS auth without entering password in SSL/IPsec VPN client ?

Hi,

 

As i am integrating BIG-IP APM 12.0 with our RADIUS server. I would like to hardcode or customize the logon page as per my requirement.

 

Requirement1:

I would like to customize the Logon Page while authenticating with RADIUS. When i access the virtual server IP in web browser, i see the User name and Password field for remote access authentication.

 

Here, i just need to proceed for the RADIUS authentication, entering only User Name. On RADIUS server, it proceeds for entered user name Second Factor Authentication (Could be Response only-Soft Token OR Challenge Response-GRID).

 

 

At logon page, When i enter only RADIUS user name and click logon, it's not proceeding for RADIUS authentication and throwing the error that "The username or password is not correct. Please try again".

 

 

 

Here, i just want BIG-IP accept the authentication with empty password field (Only uSer name). Is it possible to hardcode the BIG-IP to accept only user name and proceed for RADIUS authentication ??

 

Your help is highly appreciated and thanks in advance.

 

Thank You, Anthony

 

BIG-IP
BIG-IP Access Policy Manager (APM)
devops

3 Replies

  • Arnaud_Lemaire's avatar
    Arnaud_Lemaire
    Icon for Employee rankEmployee
    Jun 30, 2016

    from the logon page customization menu in the vpe you can remove the password field, and then set session.logon.last.password to whatever value you may need from vpe or irule.

     

    i would first test by removing simply the password field and see if the big-ip is sending a radius request. there maybe some hidden logic where he absolutely needs a password. if yes set a dummy one and hope your radius doesn't check it.

     

  • Arnaud_Lemaire's avatar
    Arnaud_Lemaire
    Icon for Employee rankEmployee
    Jun 30, 2016

    ok, question i have is what happen if your radius server received a auth request with username and password setup ? does he initiate the otp process or does he try to validate the password ? if it doesn't care about the password you should put in the variable assign a fake password, instead of using a custom expression use a text option to configure anything. Or does you radius expect a generic password you are trying to set ?

     

  • Anthony_Reddy_2's avatar
    Anthony_Reddy_2
    Icon for Nimbostratus rankNimbostratus
    Jun 30, 2016

    Hi Arnaud,,

     

    I have tried make changes as per the steps that you have shared. But, it's not proceeding for the RADIUS auth and i see the SSL client status as "page loading" or attempting to RADIUS auth. Could you suggest me, required any additional changes?

     

     

     

     

    Thank You, Anthony