APM Full Step Up Authentication

Problem this snippet solves: By default, APM is not able to handle several authentication during a session. Once you are logged in, it’s finished, you can’t ask for authentication again. Since v1...

Updated Jun 06, 2023

Version 2.0

2-factor

authentication

BIG-IP Access Policy Manager (APM)

iRules

loa

programmability contest

security

step-up

Yann_Desmarest

Cirrus

Joined September 11, 2012

View Profile

Niels_van_Sluis

MVP

Oct 19, 2016

Hi Yann,

Thanks for clarifying that. I found another thing in the iRule that doesn't seem to work for me. It has to do with the password setting between the old and the new session. This rule (line 26):

ACCESS::session data set session.custom.last.password [ACCESS::session data get session.logon.last.password -sid $decrypted]

The APM logon password variable isn't accessible from an iRule. I had to implement a workaround as described here:

https://devcentral.f5.com/questions/cant-get-apm-secure-session-variable-value-in-irule

Best regards,

Niels

APM Full Step Up Authentication

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS