Forum Discussion

TimW
Sep 17, 2019

DoD CAC .mil 2 Factor Authentication to Web App through BigIP

Hello. We currently front end access to several COTS applications through BigIP (12.1.4). We have a new requirement to enforce 2FA using DoD issued CACs (smart card). We aren't doing any SSO with the COTS applications, and just want to validate the client cert through OCSP validation and PIN. Using APM, we've created a simple Policy to perform the OCSP validation. The problem we're seeing is when we access the external application URL front ended by the BigIP from our internal (.com) network, we are prompted for a CAC certificate, and when selected, are prompted for a PIN as expected. But when we access the URL from a .mil computer with an SDC image, it will not prompt for certificate or PIN and fails authentication. We've tried tweaking numerous settings in the SSL profile, tried different certificate authentication methods through APM, and the behavior is consistently the same from a .mil network computer. Does anyone have any experience trying to get CAC authentication working on the BigIP and have any ideas what might be happening? Thanks for any help you can provide.
