Technical Forum
Ask questions. Discover Answers.
Showing results for 
Search instead for 
Did you mean: 

APM Configuration With Authentications Against Priority ERP & Duo MFA


Hi Team,

I have the following scenario and I am looking for ways to implement DUO MFA via APM:

Customer have Priority ERP On-Prem Server with SQL DB, users that connect to Priority login page are authenticated locally with SQL query. I know that SQL query is not supported by big-ip to authenticate users. Now we want to add DUO 2FA to login.

I have followed the arcitle APM Configuration to Support Duo MFA using iRule and was wondering if there is a way to implament the solution with my scenario? I tried with AD Authentication and it works perfect. The problem is as i mentioned users authenticate localy at the server.

The issue is what are my options for First Authentication Factor? I need a way for APM first to pass the user to Priority logon page and after successfull login redirect to DUO 2FA. I have tried to configure "External Logon Page" BUT encountered an endless loop between https:/APM_URL/.my.policy and the logon page.

Can anyone advise which options I have with APM to implament the solution? 

Kind Regards,




I found a solution but getting a hard time to write the right iRule.

I can make API call to the server with iRule sideband Connection to make POST with users credentials.

The flow will be:

https://APM_PORTAL_LOGON/.my.policy ------ > user POST credentials ------- > sideband iRule Event to collect users credentials and POST to server for validation ----- if GOOD proceed to DUO.


Does anyone has iRule sideband connection to validate users credenials ?

F5 Employee
F5 Employee

I have tried but there is an issue with customers application, we end up with a redirect loop.

I have wrote an sideband connection iRule to do POST request with users credentials and check the status code from the server.

It works perfectly.