My company has implemented external logon page using the consistent look & feel with the rest web GUI in our company. It works pretty well with BigIP/APM for username/password authn flow. Now my company has a new requirement to enable One Time Password (OTP) with the username/password authn mechanism. Naturally we have tried to reuse the same external logon page for OTP verification. It works also normally as expected when the OTP is right. However, if a wrong OTP code was typed in the external logon page, the APM will premature the ongoing APM evaluation and set the policy result as "redirect" although the OTP Verify,Max Logon Attempts Allowed is by default set as 3.
If the built-in Logon page with BigIP's default GUI look & feel is used for OTP verification, BigIP/APM works as expected in the situations with wrong OTP code. Only when three wrong OTP codes were attempted, will BigIP/APM redirect browser to the authn-failed page specified in VPE.
Can someone shed the light on or share any experiences of using an external logon page as OTP Verify GUI and the Max Logon Attempts Allowed still works fine? Thanks in advance!