Forum Discussion

Cirrus

Sep 02, 2015

Using CAC to access BigIP web management interface

I am trying to set up the web management interface on a 11.6.0 system to authenticate administrators against AD when managing the BigIP. I'd like to know if there's a document out there to help me s...

application delivery

BIG-IP Access Policy Manager (APM)

Nimbostratus

Aug 09, 2016

I was thinking about this as I am in the same boat as far as this potentially becoming a requirement. I think an easy way to do this would be to set up a VS for the F5 management itself and cac-enable that VS using LTM or APM, whichever flavor you choose. Then you still have Radius or username/password as a backup option but never have to use the management IP again except in an emergency when, say, OCSP is down or something.

hejman_229037

Nimbostratus

Aug 29, 2016

Ok.....we just upgraded to 12.1.0 as we were told this would support using arbitrary fields from the DOD Token certs to authenticate for MC. I have a VIP setup for one environment and hitting that url it does read the cert and prmopts for PIN; it then goes to the 'local' login screen. How do I get it to authenticate the Subject Alternate Name from token to AD for our -admin accts? I have tried various SSL settings/certs....no luck. Do I have to use Client Cert LDAP config?

thanks in advance...

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)