F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Jan 24, 2014

Good question. Assuming you're talking about an Access Policy Manager (APM) implementation here. If so, there are quite a few choices. Here's a list of the "built-in" client side authentication mechanisms:

 

  • Kerberos (ticket - SPNEGO/GSSAPI)
  • PKI (certificate - OCSP/CRLDP)
  • RSA (token - SecurID)
  • HTTP (form/basic - username/password)
  • AD/LDAP (auth/query)
  • RADIUS/TACACS+ (auth/query)
  • SAML (IdP/SP)

These are just the methods listed in the GUI. You can also quite easily employ one-time passcode (OTP) in v11.3 and above, 11.4 has a local user database, client side NTLM is technically possible (albeit still a little unintuitive), anything you can dream up in an iRule, and using an external logon page function you can pass an authentication step off to another service that can do something completely different. So then the question becomes, what do you want to add to what you already have? Can I also assume you're using username and password with the RSA token? Whatever you choose, depending on what it is, can be integrated into your access policy in a fairly straight forward way.