APM Configuration to Support Duo MFA using iRule

Overview BIG-IP APM has supported Duo as an MFA provider for a long time with RADIUS-based integration. Recently, Duo has added support for Universal Prompt that uses Open ID Connect (OIDC) protoco...
0151T0000040JicQAE.png
Updated Sep 19, 2024
Version 6.0
BIG-IP
BIG-IP Access Policy Manager (APM)
big-ip apm
duo
iRules
mfa
OAuth Client
security
steve_michaels's avatar
steve_michaels
Icon for Cirrus rankCirrus
Apr 29, 2021

Hi -

I have this setup on our F5 APM and using it for a MS Sharepoint Website. I've configured it as per-request policy and I can authenticate via DUO MFA using the Oauth Client in the policy and it gets me into the site. The problem I am encountering comes when an authenticated user tries to open a document in the "native", local Office application (Word, Excel Powerpoint). It doesn't work for that use case, Do you have any ideas on that?

We have been using the F5 APM DUO RADIUS integration and we have the same issue with that. That is why I am trying this new Oauth/iRule integration that you have published here.

By the way. Nice job on this config and write up!

Thanks

-Steve