I'm looking to implement two-factor authentication in front of a web top.
I would like to have the option to enroll users who do not have a shared secret stored for the 2FA when they first log in.
Following the below guide is troublesome as links to the example iRule source code return 404.
Are there any modern resources for implementing Google Authenticator / 2FA (TOTP/HOTP) on BIG-IP 14+?
This seems like a very simple feature and it is puzzling why it isn't just a check-box in APM.
As far as I know there is not yet a solution available that will give you the option to enroll users that don't have a shared secret stored. Here are some links that will give you more information about the implementation that George Watkins created:
There is also another implementation available that has more focus on security. See:
The top link ( https://loadbalancing.se/2016/07/09/setting-up-apm-with-google-authenticator/ ) was exactly what I was looking for. It seems to mostly follow George Watkins' guide and, more importantly, has a copy of the iRules. Thanks!
I have seen enrollment done here, and the video does make it look very polished:
Again, it seems like there are no copies of the iRules anywhere. Which is a shame!
About the codygreen solution using iRules LX for self-enrollment, do you know where to find the corresponding APM policy?
I'm trying to reverse-engineer the code, but it's difficult for me to build the policy flow.