SURFsecureID Second Factor Only (SFO) Authentication

Problem this snippet solves: Second Factor Only authentication allows a SP to authenticate only the second factor of a user. With SFO you can add two factor authentication to your institutions appli...
Updated Jun 06, 2023
Version 2.0
BIG-IP Access Policy Manager (APM)
David_Gill's avatar
David_Gill
Icon for Cirrus rankCirrus
Jan 30, 2018

Could someone explain the need for two virtuals and how/why the first calls the second? In my case I have built a portal which provides webtop links and portal links to internal apps. I am trying to use RSA for SFO Authentication. The requirements are exactly as described by this snippet which is the inclusion of the user name in the Subject element of the AuthnRequest.

 

Using the terminology in this article, I believe my existing Portal which has the access policy, performs the primary authentication and ultimately presents the portal links is the backend server. I am not sure exactly how the front-end virtual is supposed to be defined, addressed and called. Why can the iRules not be assigned to the main portal virtual?

 

Any additional details that could be provided would be helpful. Thanks.

 

APM 12.1.2