APM Configuration to Support Duo MFA using iRule
Updated Mar 14, 2024
Version 4.0Was this article helpful?
Perhaps someone can figure out where this is failing.
I've gone through this setup on several of our F5s and even have automation developed to do most of it.
Depsite this, one of the F5s seems to be failing to resolve its own URL:
https://{ VIP URL }/oauth/client/redirect
I'm getting this error message in the Access log:
Agent_Type=Client;
OAuth_Config_Type=server;
OAuth_Config_Object=/{ partition }/duo_server;
Grant_Type_Msg= using 'authorization_code' grant type;
Credential_Type=(client_id=;Credential_ID={ Duo application ID });
Error_Message=HTTP error 503, DNS lookup failed;"
This is occurring when the Duo site is attempting to redirect a user back to the F5 device after 2FA succeeds.
The policy fails out after a few seconds since the page could not be loaded.
The DNS resolver setting is identical across all our F5s.
All of the configurations look identical.
Thanks in advance.