2FA authentication with SSO on APM

Question

Hi&nbsp;
i have configured two factor authentication with AD and RSA for users to connect to application on APM. but i need SSO configuration on APM to pass the AD credentials to application. the policy i have configured will change session.logon.last.password to password1 to pass the RSA token to RSA server.So how do i get actual AD password session ID to configure SSO.&nbsp;
Policy 
Logon page -- configured password1 as session variable for RSA--AD auth -- varible assign as below--RSA auth--SSO mapping - backend server
Variable assign
expr {[mcget session.logon.last.password1]}&nbsp;

lee_sutcliffe · Answer

You need to create a SSO Credential Mapping policy agent in the Visual Policy Editor, that takes the username and password from the logon page, and maps them to variables to be used for SSO services

psilva · Answer

Post of the Week Video of the question: &nbsp;
https://devcentral.f5.com/articles/post-of-the-week-two-factor-auth-and-sso-with-big-ip-29546&nbsp;
ps&nbsp;

siphe · Answer

Hi Lee, tried this but unfortunately it doesn't resolve the issue.

Forum Discussion

2FA authentication with SSO on APM

3 Replies

Recent Discussions

Open Redirection Mitigation

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

SMS server with BIGIP

Related Content

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

Doing mTLS Authentication per URL

Distributed caching of authentication requests with NGINX Ingress Controller

Application Programming Interface (API) Authentication types simplified

iControl REST Authentication Token Management