APM Cookbook: Two-Factor Authentication using YubiKey OTP with iRulesLX.

  Introduction It’s been a number of years since I penned my first DC article: Two-Factor Authentication using YubiKey, YubiCloud and APM. A lot has changed over the years, BIG-IP versions and ...
Published Feb 07, 2017
Version 1.0
2fa
application delivery
BIG-IP Access Policy Manager (APM)
cookbook
iRulesLX
security
yubikey
Peter_Baumann's avatar
Peter_Baumann
Icon for Cirrostratus rankCirrostratus
May 08, 2018

Great guide, thanks for this!

I found a small bug in the "YubiKey Serial Match" block, the "Match found" branch has the following expression:

expr { [mcget {session.yubikey.serial}] eq [string trim [mcget {session.ad.last.attr.employeeID}] 0] }

should be:

expr { [mcget {session.yubikey.serial}] eq [string trimleft [mcget {session.ad.last.attr.employeeID}] 0] }

according to http://wiki.tcl.tk/10174:

"trim removes characters from the beginning and end of a string"

We could verify that a yubikey serial with a ending of "0" would not be accepted.

Peter