APM Configuration to Support Duo MFA using iRule

Overview BIG-IP APM has supported Duo as an MFA provider for a long time with RADIUS-based integration. Recently, Duo has added support for Universal Prompt that uses Open ID Connect (OIDC) protoco...
0151T0000040JicQAE.png
Updated Sep 19, 2024
Version 6.0
BIG-IP
BIG-IP Access Policy Manager (APM)
big-ip apm
duo
iRules
mfa
OAuth Client
security
enzo's avatar
enzo
Icon for Altostratus rankAltostratus
Dec 05, 2022

Go to 

Access  ››  Overview : Event Logs : Settings. 

Clcik "Create" for new log profile or click the check box next to "default-log-setting" and click "Edit"

The  "Edit APM Log Setting"  will open.
In  "General Information" check the box for "Enable Access System Logs" and give it a name if its new.
Under "General Information" Choose "Access System Logs" on the left click the drop down for "Access Policy" and choose  "Debug". Do the same for "OAuth"

In the "Access Profiles" section  use the arrow to add the policy your troubleshooting to the "Selected" field

Login to the VIP associated with your DUO access profile 

Go to "Access  ››  Overview : Active Sessions"

Find your login and click the session ID

Hope this helps