APM Cookbook: Two-Factor Authentication using YubiKey OTP with iRulesLX.

Introduction It’s been a number of years since I penned my first DC article: Two-Factor Authentication using YubiKey, YubiCloud and APM. A lot has changed over the years, BIG-IP versions and ...

Published Feb 07, 2017

Version 1.0

2fa

application delivery

BIG-IP Access Policy Manager (APM)

Cirrostratus

Joined July 31, 2011

View Profile

Peter_Baumann

Cirrostratus

May 08, 2018

Great guide, thanks for this!

I found a small bug in the "YubiKey Serial Match" block, the "Match found" branch has the following expression:

expr { [mcget {session.yubikey.serial}] eq [string trim [mcget {session.ad.last.attr.employeeID}] 0] }

should be:

expr { [mcget {session.yubikey.serial}] eq [string trimleft [mcget {session.ad.last.attr.employeeID}] 0] }

according to http://wiki.tcl.tk/10174:

"trim removes characters from the beginning and end of a string"

We could verify that a yubikey serial with a ending of "0" would not be accepted.

Peter

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

APM Cookbook: Two-Factor Authentication using YubiKey OTP with iRulesLX.

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS