APM Configuration to Support Duo MFA using iRule

Overview BIG-IP APM has supported Duo as an MFA provider for a long time with RADIUS-based integration. Recently, Duo has added support for Universal Prompt that uses Open ID Connect (OIDC) protoco...

Updated Sep 19, 2024

Version 6.0

BIG-IP

BIG-IP Access Policy Manager (APM)

Ret. Employee

Joined May 16, 2019

View Profile

delv3chio

Employee

Joined May 20, 2019

View Profile

Jerrod_Kimbler

Employee

Joined May 16, 2019

View Profile

Lucas_Thompson

Employee

You need to make two edits to the iRule with your tenant information:

proc getClientId {
return "PUT YOUR TENANT'S CLIENT ID HERE"
}

proc getJwkName {
return "PUT THE BIG-IP OBJECT NAME FOR THE JWK HERE"
#e.g. return "/Common/duo_jwk"
}

JHDUKE

Altostratus

Sep 26, 2024

Thanks for the response. I do have these already configured in the iRule. The warnings seem to be associated only with the 'proc' definitions..

cjrnz
Nimbostratus
Nov 08, 2024
I get the same warnings, still on version 15 here but in the throes of planning to move to 17 which is where I noticed the warnings. The script itself works fine.

APM Configuration to Support Duo MFA using iRule

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS