One Time Passwords via an SMS Gateway with BIG-IP Access Policy Manager

One time passwords, or OTP, are used (as the name indicates) for a single session or transaction.  The plus side is a more secure deployment, the downside is two-fold—first, most solutions involve a ...
Published Feb 08, 2011
Version 1.0
adn
automation
BIG-IP
BIG-IP Access Policy Manager (APM)
dev
industry
management
monitoring
news
security
AJ_6093's avatar
AJ_6093
Icon for Nimbostratus rankNimbostratus
Nov 16, 2012
Awesome thanks Kristoffer. I am able to add the iRule now.

 

I have come across a different problem now, after implementing the total setup, I am getting stuck between AD Query & iRule Event.

 

User is getting authenticated but the page is getting stuck and the session is eventually closing.

 

 

Below are the logs:

 

 

2012-11-16 15:58:59 Received User-Agent header: Mozilla%2f4.0%20(compatible%3b%20MSIE%207.0%3b%20Windows%20NT%206.1%3b%20WOW64%3b%20Trident%2f5.0%3b%20SLCC2%3b%20.NET%20CLR%202.0.50727%3b%20.NET%20CLR%203.5.30729%3b%20.NET%20CLR%203.0.30729%3b%20Media%20Center%20PC%206.0%3b%20InfoPath.3%3b%20.NET4.0C%3b%20.NET4.0E). Common

 

 

2012-11-16 15:58:59 Received client info - Type: IE Version: 9 Platform: Win7 CPU: WOW64 UI Mode: Full Javascript Support: 1 ActiveX Support: 1 Plugin Support: 0 Common

 

 

2012-11-16 15:58:59 New session from client IP 10.242.18.157 (ST=/CC=/C=) at VIP 10.242.22.128 Listener /Common/POC_SharePoint_HTTP Common

 

 

2012-11-16 15:59:17 Username 'sptest1' Common

 

 

2012-11-16 16:04:26 \N: Session deleted due to user inactivity or errors. Common

 

 

2012-11-16 16:04:26 IP Cleanup: Failed to read rtdom_id err: ERR_OK Common

 

 

2012-11-16 16:05:00 Session statistics - bytes in: 2324, bytes out: 6577 Common

 

 

++++++++++++++++++++++++++++++++++++++++++++++

 

 

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

 

listening on external, link-type EN10MB (Ethernet), capture size 96 bytes

 

15:24:56.697236 IP 10.242.22.5.44922 > 10.242.19.100.kerberos: v5

 

15:24:56.702915 IP 10.242.19.100.kerberos > 10.242.22.5.44922:

 

15:24:56.724561 IP 10.242.22.5.46779 > 10.242.19.100.kerberos: v5

 

15:24:56.730017 IP 10.242.19.100.kerberos > 10.242.22.5.46779: v5

 

15:24:56.736273 IP 10.242.22.5.58474 > 10.242.19.100.ldap: S 4094267117:4094267117(0) win 4380 0,nop,nop,timestamp 128825429 0,sackOK,eol>

 

15:24:56.738441 IP 10.242.19.100.ldap > 10.242.22.5.58474: S 2894698054:2894698054(0) ack 4094267118 win 8192 8,sackOK,timestamp 4279416 128825429>

 

15:24:56.738658 IP 10.242.22.5.58474 > 10.242.19.100.ldap: . ack 1 win 4380

 

15:24:56.738699 IP 10.242.22.5.58474 > 10.242.19.100.ldap: P 1:15(14) ack 1 win 4380

 

15:24:57.938405 IP 10.242.22.5.58474 > 10.242.19.100.ldap: P 1:15(14) ack 1 win 4380

 

15:25:00.138325 IP 10.242.22.5.58474 > 10.242.19.100.ldap: P 1:15(14) ack 1 win 4380

 

15:25:04.338394 IP 10.242.22.5.58474 > 10.242.19.100.ldap: P 1:15(14) ack 1 win 4380

 

15:25:12.538342 IP 10.242.22.5.58474 > 10.242.19.100.ldap: P 1:15(14) ack 1 win 4380