APM Configuration to Support Duo MFA using iRule

Overview BIG-IP APM has supported Duo as an MFA provider for a long time with RADIUS-based integration. Recently, Duo has added support for Universal Prompt that uses Open ID Connect (OIDC) protoco...
0151T0000040JicQAE.png
Updated Sep 19, 2024
Version 6.0
BIG-IP
BIG-IP Access Policy Manager (APM)
big-ip apm
duo
iRules
mfa
OAuth Client
security
varunmuthusamy's avatar
varunmuthusamy
Icon for Nimbostratus rankNimbostratus
Jun 14, 2021

Hi  

 

I am trying to set this up for a webtop. I am on version 16.0.11 Build 0.9.6. I authenticate using LDAP first then use the irule event and oauth client before assigning the resources. After successfully authenticating to LDAP, I get redirected to the Duo portal with the error " {"error": "invalid_client", "error_description": "The supplied client_assertion is not a valid JWT"} " I have double-checked my configuration and looks ok. so not sure what I am missing. can you help?

 

Thanks

Varun