Suppress MFA for a period of time
Problem this snippet solves: This code snippet can be used if you want to suppress MFA for a period of time. This solution uses an encrypted persistent cookie, that will be set at a successful MFA l...
Published Jul 16, 2019
Version 1.0
So what does the iRule on the frontend vs looks like? Something like this:
when RULE_INIT {
# change passphrase below before any publishing
# set seconds after which the peristent cookie expires
array set static::suppress_mfa {
passphrase "hEuoYjmFUpB4PcpO3bUdQtLP4ic7jjm"
cookie "SuppressMFA"
seconds 86400
}
}
when HTTP_REQUEST {
virtual vs_backend
}
when HTTP_RESPONSE {
# if cookie should be set, insert an encrypted cookie containing the hash (username and user-agent)
if { [ACCESS::session data get session.custom.suppressmfa.setcookie] == 1 } {
HTTP::cookie insert name $static::suppress_mfa(cookie) value [ACCESS::session data get session.custom.suppressmfa.hash]
HTTP::cookie expires $static::suppress_mfa(cookie) $static::suppress_mfa(seconds) relative
HTTP::cookie encrypt $static::suppress_mfa(cookie) $static::suppress_mfa(passphrase)
HTTP::cookie path $static::suppress_mfa(cookie) "/"
HTTP::cookie secure $static::suppress_mfa(cookie) enable
ACCESS::session data set session.custom.suppressmfa.setcookie 0
}
}