APM Configuration to Support Duo MFA using iRule
Overview
BIG-IP APM has supported Duo as an MFA provider for a long time with RADIUS-based integration. Recently, Duo has added support for Universal Prompt that uses Open ID Connect (OIDC) protoco...
Updated Nov 27, 2024
Version 7.0Hardeep_Kaur
Ret. Employee
Joined May 16, 2019
delv3chio
Employee
Joined May 20, 2019
Jerrod_Kimbler
Employee
Joined May 16, 2019
aefting
Sep 28, 2023Altostratus
I wanted to post a follow up to this issue:
Regarding the OAuth branch rule, I was also failing with the rule set to 1. The following fixed it for me. I’m also not clear why this is the case.
Expression: expr {[mcget {session.oauth.client.last.authresult}] == 1} <-- Changed to 0
I opened a ticket with support and they found my problem, I had a typo in my irule -- notice the double "/oauth/v1/token" in this line. When I corrected it, everything worked with the "=1" expression like it should.
set aud https://api-xxxxxdac.duosecurity.com/oauth/v1/token/oauth/v1/token