APM Configuration to Support Duo MFA using iRule

Overview BIG-IP APM has supported Duo as an MFA provider for a long time with RADIUS-based integration. Recently, Duo has added support for Universal Prompt that uses Open ID Connect (OIDC) protoco...
0151T0000040JicQAE.png
Updated Sep 19, 2024
Version 6.0
BIG-IP
BIG-IP Access Policy Manager (APM)
big-ip apm
duo
iRules
mfa
OAuth Client
security
JoshBecigneul's avatar
JoshBecigneul
Icon for MVP rankMVP
Sep 17, 2021

Wanted to add that I found during my testing if the floating self IP cannot make a connection to the Duo cloud on port 443, the OAuth connection will fail with an error message like the following:

/Common/DuoOAuthAccessPolicy:Common:xxxxxxxx:/Common/duo_web_act_oauth_client_ag: OAuth Client: failed for server '/Common/Duo-Oauth-Server' using 'authorization_code' grant type (client_id=ABCDEF01234568790), error: HTTP error 503, Connect failed

Otherwise, seems to work really well!