Configuring Smart Card Authentication to the BIG-IP Traffic Management User Interface (TMUI) using F5's Privileged User Access Solution

As promised in my last article which discussed configuring the BIG-IP as an SSH Jump Server using smart card authentication, I wanted to continue the discussion of F5's privileged user access with ad...
Published Jul 18, 2018
Version 1.0
application delivery
BIG-IP Access Policy Manager (APM)
iRulesLX
security
lnxgeek's avatar
lnxgeek
Icon for MVP rankMVP
Jul 20, 2018

Aaah nice. I didn't realize that the ldap proxy only intercepted relevant requests.

 

Back to my question. I think I understand it now, you transfer the ephemeral password to a session variable which is used in the SSO.

 

I haven't tried to implement it yet but I'm sure your guide will make it quite easy for me to do though it is in a nice package.

 

I like to know a little about the logic before I use it as it is a rather complex solution and troubleshooting it would not be easy, that and that I'm not strong in iLX. I might dissect it and use parts of it as it enables some crazy implementations options. And no competitor can do anything like this (not even close!) so a presales setup would make sense.

 

If this functionality could be baked into the product I would prefer that, the solution has many moving parts. Maybe a iAppLX package could do it?

 

Anyway thanks for the elaboration of the implementation.