APM Configuration to Support Duo MFA using iRule

Overview BIG-IP APM has supported Duo as an MFA provider for a long time with RADIUS-based integration. Recently, Duo has added support for Universal Prompt that uses Open ID Connect (OIDC) protoco...
0151T0000040JicQAE.png
Updated Sep 19, 2024
Version 6.0
BIG-IP
BIG-IP Access Policy Manager (APM)
big-ip apm
duo
iRules
mfa
OAuth Client
security
enzo's avatar
enzo
Icon for Altostratus rankAltostratus
May 19, 2022

I know this is an old post but was curious if anyone has run into this issue.  My APM policy was failing at  the OAuth branch rule expression. To fix it I had to change the OAuth branch rule

Expression: expr {[mcget {session.oauth.client.last.authresult}] == 1}  <-- Changed to 0

Is this a valid fix or im I bypassing any security controls by chaging this branch Expression

 

Thank You

Enzo