Forum Discussion

Nimbostratus

Jan 10, 2017

Trouble implementing multi-stage authentication (AD + Duo)

I'm trying to implement an unusual multi-stage, multi-factor authentication process, and I'm getting hung up for reasons that aren't clear to me. Here's the existing, and working, system: The us...

application delivery

BIG-IP Access Policy Manager (APM)

David_E__Smith

Nimbostratus

Jan 11, 2017

As requested, though I'm not sure this is the right place to look:

We have iRules that trigger on HTTP_REQUEST and HTTP_REQUEST_DATA, to collect the username and password from the HTTP payload, and store them in a table. Then, on ACCESS_SESSION_STARTED, I pull that data back out of the table and pop it into the session.custom.username and session.custom.password fields with the VPE action. (I don't remember if it was impossible to populate session.logon.last.x directly, or if it was just considered poor practice to do so.)

The AD auth is just a simple auth -- since the user has already been authenticated to our application, I don't need to do this. It's just simpler to do an auth, followed by a query, than to do a query with a service account.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)