How I did it - "Application authentication with Verizon ID and F5 Access Policy Manager"
The global application landscape has changed significantly over the past few years with the proliferation of public clouds, modern app frameworks and modern authentication strategies. However, many organizations still face a challenge with respect to some of their more "classic" applications (i.e. header-based, Kerberos, etc.). Specifically, how can these apps utilize the modern authentication methods that end users have become accustomed to using?
Fortunately, the F5 BIG-IP with Access Policy Manager (APM) is well positioned to provide single sign-on authentication access to backend applications. Furthermore, since APM supports modern authentication methods such as SAML 2.0 and OAuth 2.0, the BIG-IP can act as a proxy between the application and the identity provider, effectively modernizing the application's security profile and end-user experience.
Speaking of identity providers....
For this installment of the "How I Did it" series, here's a brief overview of how I integrated F5 APM with Verizon ID. With this integration we'll use SAML 2.0 federation and single sign-on to provide modern multi-factor authentication (MFA) to a header-based application using my mobile device.
Why, what is this Verizon ID you speak of?
Good question. Verizon ID is a multi-factor identity solution that utilizes biometrics and blockchain technology to securely store, manage and provide a "user-transparent" process. End users can store their identity access information in a secure vault on their mobile device and provide passwordless validation.
For this walkthrough I synchronized my on-premises Active Directory domain ('aserracorp.com') with my Verizon ID tenant. This way, I was able to retain and manage my user account database on-premises while still utilizing Verizon ID for my MFA.
The Verizon ID admin portal provides a web UI for managing and configuring user database(s), applications, and federation. For this walkthrough I utilize the admin portal UI to:
- sync my user database
- configure federation and create a SAML IdP endpoint (application)
- download SAML IdP metadata
Access Policy Manager with guided configuration
As most of us familiar with the BIG-IP can attest, I had a number of options for configuring the various access and traffic management resources. For this walkthrough I utilized the Access Guided Configuration (AGC) to deploy all the necessary BIG-IP resources. The guided configuration process walks the admin through each step, from creating pool members and virtual servers to SAML service provider and SSO resources.
Let’s See it in Action
Yep, you guessed it; let's watch a movie! 😀 After all, if a picture is worth a thousand words, then a 4-minute video must be worth...well...um...hmm.
For additional guidance and information related to configuring Verizon ID and BIG-IP AGC, refer to the links below.
- Verizon ID
- F5 BIG-IP Access Policy Manager
- F5 Access Guided Configuration
- 1Kosmos Documentation (Verizon ID blockchain identity solution provider)