Forum Discussion

Nimbostratus

May 31, 2016

Want to understand about pre-requisites and flow for Bigip APM browser based sslvpn with RSA smart card and token

Dear Friends, I just wanted to understand about ssl vpn(only browser based) with RSA.what could be the flow and pre-requisites in this case? first authentication method would be Active directory...

application delivery

BIG-IP Access Policy Manager (APM)

LTM

Yann_Desmarest

Cirrus

May 31, 2016

Hi,

In terms of pure security, I would recommend to set a login page with 3 fields (username, password, 2-factor) and authenticate first for the RSA token (using RSA native AAA or Radius Auth), then if 2-factor auth is successful, do the AD authentication.

In terms of configuration, you can use the following as an example :

https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-single-sign-on-11-5-0/6.html

Harry1

Nimbostratus

May 31, 2016

as per my understanding, we can configure both dual factor as per requirement. i mean either we can enforce first authentication as a secure auth and second would be AD as per customer requirement or vice-versa . please correct if i am wrong.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)