APM with OTP to identify 'trusted client'
Hello,
I have been asked to figure out if we can use APM for the following scenario. If someone wants to log in to our systems (secured by APM), don't just use username and password. Use an OTP solution, but not for every login/session. The idea is to set a cookie after successful authentication (username-password + OTP). The expiration on the cookie would be several weeks (exact number still under discussion). As long as the cookie is there and valid, the client would send it along, and the APM would thus identify the browser as 'trusted' and be satisfied with only username-password authentication. If no cookie is present in the request (cookie expired or no cookie present), the OTP authentication would be required.
I know that APM can work with OTP, but I have no idea how to implement what I just described. Knowing the power of iRules, I suppose something like that can be conceived, but my limited iRule skills are failing me on this.
Any help, directives, hints, tips, ... are welcome.
Thanks in advance, Yves