Forum Discussion

VKanwade's avatar
VKanwade
Icon for Nimbostratus rankNimbostratus
Nov 04, 2020

How to develop a second factor authentication plugin/extension?

Very new to BIG-IP

 

I am trying to port an extension for second factor authentication written for PingFederate.

 

There I have to create a jar and deploy it in PF. Then I can login as admin and configure it as a policy: Login using AD, on success, trigger my plugin which does the OTP and then allow access to the resource.

 

How do I do something similar in BIG-IP?

 

Is APM > AAA Servers the right way to do this?

  • APM is the right module for sure

     

    but loading something like a jar is not something you do with F5 BIG-IP APM

     

    you can create an access profile, and in the visual policy editor create your auth flow. first AD then your second factor authentication.

     

    if that will work depends on the two factor "extension", is it fully custom? can it run somewhere separate where the F5 BIG-IP APM module can communicate with it?

     

    this isn't something that is easy without some basic APM knowledge, can your F5 partner or distributor perhaps help?

  • Hi  the extension is something I am building and yes it can be run on a separate tomcat.

     

    I was able to get to a point where I created a pool, virtual server and access policy. but kind of stuck how to configure the policy to include it.

    • Ahmed_Galal's avatar
      Ahmed_Galal
      Icon for Cirrostratus rankCirrostratus

      for me Radius Auth is OTP server but first you need to configure Radius authentication server under APM module

      • VKanwade's avatar
        VKanwade
        Icon for Nimbostratus rankNimbostratus

         I am trying to build my own extension. So instead of the SSO Credential Mapping step, I have added External Logon Page. But for some reason [ACCESS::policy result] is always not_started instead of in_progress.