APM Configuration to Support Duo MFA using iRule
Overview
BIG-IP APM has supported Duo as an MFA provider for a long time with RADIUS-based integration. Recently, Duo has added support for Universal Prompt that uses Open ID Connect (OIDC) protoco...
Updated Nov 27, 2024
Version 7.0Hardeep_Kaur
Ret. Employee
Joined May 16, 2019
delv3chio
Employee
Joined May 20, 2019
Jerrod_Kimbler
Employee
Joined May 16, 2019
JacobV
Feb 07, 2023Nimbostratus
Thanks, JoshBecigneul
Bringing up the forward zone helped me find the immediate issue.
It seems that this one F5 device can't reach the Duo API endpoint.
I'll have to work on getting that resolved.
I had assumed there weren't any connectivity issues as the Duo RADIUS login method relied on a user's browser to load a script from Duo instead of the F5 device communicating directly with Duo. Its communications with the API endpoint were also being handled by a Duo Authentication Proxy that had connectivity.
I'll try to report back when that's cleared up.