F5 APM Google Authenticator

zchriss
Altostratus

I'm looking to implement two-factor authentication in front of a webtop.

I would like to have the option to enroll users who do not have a shared secret stored for the 2FA when they first log in.

Following the below guide is troublesome as links to the example iRule source code return 404.

https://devcentral.f5.com/s/articles/two-factor-authentication-with-google-authenticator-and-apm

Are there any modern resources for implementing Google Authenticator / 2FA (TOTP/HOTP) on BIG-IP 14+?

This seems like a very simple feature and it is puzzling why it isn't just a check-box in APM.

4 REPLIES

As far as I know there is not yet a solution available that will give you the option to enroll users that don't have a shared secret stored. Here are some links that will give you more information about the implementation that George Watkins created:

https://loadbalancing.se/2016/07/09/setting-up-apm-with-google-authenticator/

https://f5-agility-labs-iam.readthedocs.io/en/latest/class9/module5/lab1.html

There is also another implementation available that has more focus on security. See:

https://devcentral.f5.com/s/articles/apm-google-authenticator-http-api-914

Hi Niels,

The top link ( https://loadbalancing.se/2016/07/09/setting-up-apm-with-google-authenticator/ ) was exactly what I was looking for. It seems to mostly follow George Watkins' guide and, more importantly, has a copy of the iRules. Thanks!

I have seen enrollment done here, and the video does make it look very polished:

https://www.youtube.com/watch?v=mFmx4TDWyD0

Again, it seems like there are no copies of the iRules anywhere. Which is a shame!

Cheers,

Chris

Hi Chris,

Nice feature! The iRules for auto enrollment seem to be located here:

https://github.com/codygreen/F5-MFA

Kind regards,

--Niels

gpetricca
Nimbostratus

Hi all,

About the codygreen solution using iRules LX for self-enrollment, do you know where to find the corresponding APM policy?

I'm trying to reverse-engineer the code, but it's difficult for me to build the policy flow.

Thanks!

Cheers,

Gabriele.