APM Configuration to Support Duo MFA using iRule

Overview BIG-IP APM has supported Duo as an MFA provider for a long time with RADIUS-based integration. Recently, Duo has added support for Universal Prompt that uses Open ID Connect (OIDC) protoco...
0151T0000040JicQAE.png
Updated Sep 19, 2024
Version 6.0
BIG-IP
BIG-IP Access Policy Manager (APM)
big-ip apm
duo
iRules
mfa
OAuth Client
security
JacobV's avatar
JacobV
Icon for Nimbostratus rankNimbostratus
Feb 07, 2023

Thanks, JoshBecigneul 

Bringing up the forward zone helped me find the immediate issue.
It seems that this one F5 device can't reach the Duo API endpoint.

I'll have to work on getting that resolved.

I had assumed there weren't any connectivity issues as the Duo RADIUS login method relied on a user's browser to load a script from Duo instead of the F5 device communicating directly with Duo. Its communications with the API endpoint were also being handled by a Duo Authentication Proxy that had connectivity. 

I'll try to report back when that's cleared up.