One Time Passwords via an SMS Gateway with BIG-IP Access Policy Manager
One time passwords, or OTP, are used (as the name indicates) for a single session or transaction. The plus side is a more secure deployment, the downside is two-fold—first, most solutions involve a ...
Published Feb 08, 2011
Version 1.0
JRahm
Admin
Joined January 20, 2005
Kristoffer_O_52
Apr 18, 2012
Nimbostratus
I took Aung's advice and made some adjustments to the code. This version will return an alphanumeric string with a length of 6.
!!! ONLY WORKS ON LTM-11.1.0 AND UP !!!
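when ACCESS_POLICY_AGENT_EVENT {
    # Seeds Tcl's rand(); the OTP itself comes from CRYPTO::keygen, not rand()
    expr {srand([clock clicks])}
    # Random 128-bit key used as source material for the OTP
    set tmpKey [CRYPTO::keygen -alg random -len 128 -passphrase [AES::key 128] -rounds 2]
    # base64 output can contain "+" and "/"; drop them so the OTP is strictly alphanumeric
    set otp [string toupper [string range [string map {+ {} / {}} [b64encode $tmpKey]] 0 5]]
    set mail [ACCESS::session data get "session.ad.last.attr.mail"]
    set mobile [ACCESS::session data get "session.ad.last.attr.mobile"]
    set logstring mail,$mail,otp,$otp,mobile,$mobile
    # Session variables read later by the access policy
    ACCESS::session data set session.user.otp.pw $otp
    ACCESS::session data set session.user.otp.mobile $mobile
    ACCESS::session data set session.user.otp.username [ACCESS::session data get "session.logon.last.username"]
    # Writes the OTP, mail address and mobile number to local0; drop this line outside of testing
    log local0.alert "Event [ACCESS::policy agent_id] Log $logstring"
}
when ACCESS_POLICY_COMPLETED {
    log local0.alert "Result: [ACCESS::policy result]"
}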
Kristoffer
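
Added example, not part of the comment above or of the original article: a Python model of deriving a 6-character OTP from the upper-cased base64 of a random 128-bit key. It measures how often taking the first six base64 characters directly yields "+" or "/", and shows the same derivation with those characters dropped, plus a uniform A-Z0-9 generator. All function names are assumptions of this example, and Python's secrets module stands in for CRYPTO::keygen.

```python
import base64
import secrets
import string

ALNUM = string.ascii_uppercase + string.digits  # 36-symbol target alphabet


def otp_raw(key: bytes, length: int = 6) -> str:
    """Upper-case the first `length` base64 characters, with no filtering."""
    return base64.b64encode(key)[:length].decode().upper()


def otp_filtered(key: bytes, length: int = 6) -> str:
    """Same derivation, but drop '+', '/' and '=' before truncating."""
    b64 = base64.b64encode(key).decode()
    out = "".join(c for c in b64 if c.isalnum())[:length].upper()
    if len(out) < length:
        # Possible only for keys that encode almost entirely to '+' and '/'.
        raise ValueError("not enough alphanumeric characters in key")
    return out


def otp_uniform(length: int = 6) -> str:
    """Uniform choice over A-Z0-9 from the OS CSPRNG.

    Upper-casing base64 makes each letter twice as likely as each digit;
    sampling the 36-symbol alphabet directly avoids that bias.
    """
    return "".join(secrets.choice(ALNUM) for _ in range(length))


def non_alnum_rate(samples: int = 20000) -> float:
    """Fraction of unfiltered OTPs containing '+' or '/' over random keys."""
    bad = sum(
        not otp_raw(secrets.token_bytes(16)).isalnum() for _ in range(samples)
    )
    return bad / samples


if __name__ == "__main__":
    # Constructed 128-bit key whose base64 form starts with "+/+/".
    key = bytes([0xFB, 0xFF, 0xBF]) + bytes(13)
    print("raw     :", otp_raw(key))
    print("filtered:", otp_filtered(key))
    print("uniform :", otp_uniform())
    # Analytically the rate is 1 - (62/64)**6, roughly 17%.
    print("raw OTPs with '+' or '/': %.1f%%" % (100 * non_alnum_rate()))
```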