on 29-Nov-2022 05:00
The global application landscape has changed significantly over the past few years with the proliferation of public clouds, modern app frameworks and modern authentication strategies. However, many organizations still face a challenge with respect to some of their more "classic" applications (i.e. header-based, Kerberos, etc.). Specifically, how can these apps utilize the modern authentication methods that end users have become accustomed to using?
Fortunately, the F5 BIG-IP with Access Policy Manager (APM) is well positioned to provide single sign-on authentication access to backend applications. Furthermore, since APM supports modern authentication methods such as SAML 2.0 and OAuth 2.0, the BIG-IP can act as a proxy between the application and the identity provider, effectively modernizing the application's security profile and end-user experience.
Speaking of identity providers....
For this installment of the "How I Did it" series, here's a brief overview of how I integrated F5 APM with Verizon ID. With this integration we'll use SAML 2.0 federation and single sign-on to provide modern multi-factor authentication (MFA) to a header-based application using my mobile device.
Good question. Verizon ID is a multi-factor identity solution that utilizes biometrics and blockchain technology to securely store, manage and provide a "user-transparent" process. End users can store their identity access information in a secure vault on their mobile device and provide passwordless validation.
For this walkthrough I synchronized my on-premises Active Directory domain ('aserracorp.com') with my Verizon ID tenant. This way, I was able to retain and manage my user account database on-premises while still utilizing Verizon ID for my MFA.
The Verizon ID admin portal provides a web UI for managing and configuring user database(s), applications, and federation. For this walkthrough I utilize the admin portal UI to:
As most of us familiar with the BIG-IP can attest, I had a number of options for configuring the various access and traffic management resources. For this walkthrough I utilized the Access Guided Configuration (AGC) to deploy all the necessary BIG-IP resources. The guided configuration process walks the admin through each step, from creating pool members and virtual servers to SAML service provider and SSO resources.
Yep, you guessed it; let's watch a movie! 😀 After all, if a picture is worth a thousand words, then a 4-minute video must be worth... well... um... hmm.
For additional guidance and information related to configuring Verizon ID and BIG-IP AGC, refer to the links below.