

APM - certificate based authentication

Hi,

I am looking for some help with APM. I am new to APM and looking for advice and comments on the solution required below. I apologize if I am putting this in the wrong forum.

Currently we have a SharePoint application published via APM to an internal group of users, which uses AD authentication. We have a new requirement to make it available via the internet for external users (using corporate laptops and mobile devices). We have decided to add additional security via certificate. I have used Client Cert Inspection to validate the certificate of the end user device and it's working in the test environment. But I have the below two points on which I need suggestions:

1. For mobile devices the certificate needs to be exported after validation of the mobile number. Any suggestion on how this can be implemented? I found Google Authenticator Token Verification, but can this be implemented in a corporate environment?

2. The device certificate will expire after six months and then it needs to be renewed. How can I add this in the access policy? Will the Client Cert Inspection function perform this, or do I need to put additional checks?

 

Regards,

AJ

Comments on this Question
Comment made 03-Dec-2013 by tiwang 431
Hi AJ, I have a similar problem - can you tell me how you got the "client cert inspection" to work - which steps were needed?

Answers to this Question

USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Super old post, but here are some thoughts.

  1. For mobile devices the certificate needs to be exported after validation of the mobile number. Any suggestion on how this can be implemented? I found Google Authenticator Token Verification, but can this be implemented in a corporate environment?

Client certificate and Google Authenticator are generally different technologies (cert vs. one-time passcode). The client certificate, and private key, must be installed and accessible to whatever mobile application needs it. Where that is depends on the mobile platform. For iOS, there's a central key store that Safari uses, but some applications actually have their own key stores.

  2. The device certificate will expire after six months and then it needs to be renewed. How can I add this in the access policy? Will the Client Cert Inspection function perform this, or do I need to put additional checks?

I want to first point out that a client certificate and a device certificate are different things. Device certificates are generally transparent to the user. As for expiration, that's a common problem often addressed by security policies and/or protocols like Simple Certificate Enrollment Protocol (SCEP).

Tiwang, are you looking for specific guidance on setting up client certificate authentication in APM, or something specific to mobile platforms?

USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hi,

Did you implement certificate based authentication? Please share your results.
