How to hardcode or customize the logon page to proceed for RADIUS auth without entering password in SSL/IPsec VPN client ?

Question

Hi,&nbsp;
As i am integrating BIG-IP APM 12.0 with our RADIUS server. I would like to hardcode or customize the logon page as per my requirement.&nbsp;
Requirement1: 
I would like to customize the Logon Page while authenticating with RADIUS. When i access the virtual server IP in web browser, i see the User name and Password field for remote access authentication.&nbsp;
Here, i just need to proceed for the RADIUS authentication, entering only User Name. On RADIUS server, it proceeds for entered user name Second Factor Authentication (Could be Response only-Soft Token OR Challenge Response-GRID).&nbsp;
&nbsp;
At logon page, When i enter only RADIUS user name and click logon, it's not proceeding for RADIUS authentication and throwing the error that "The username or password is not correct. Please try again".&nbsp;
&nbsp;
&nbsp;
Here, i just want BIG-IP accept the authentication with empty password field (Only uSer name). Is it possible to hardcode the BIG-IP to accept only user name and proceed for RADIUS authentication ??&nbsp;
Your help is highly appreciated and thanks in advance.&nbsp;
Thank You,
Anthony&nbsp;

arnaud_lemaire · Answer

from the logon page customization menu in the vpe you can remove the password field, and then set session.logon.last.password to whatever value you may need from vpe or irule.&nbsp;
i would first test by removing simply the password field and see if the big-ip is sending a radius request. there maybe some hidden logic where he absolutely needs a password. if yes set a dummy one and hope your radius doesn't check it.&nbsp;

arnaud_lemaire · Answer

ok, question i have is what happen if your radius server received a auth request with username and password setup ? does he initiate the otp process or does he try to validate the password ?
if it doesn't care about the password you should put in the variable assign a fake password, instead of using a custom expression use a text option to configure anything. Or does you radius expect a generic password you are trying to set ?&nbsp;

anthony_reddy_2 · Answer

Hi Arnaud,,&nbsp;
I have tried make changes as per the steps that you have shared. But, it's not proceeding for the RADIUS auth and i see the SSL client status as "page loading" or attempting to RADIUS auth. Could you suggest me, required any additional changes?&nbsp;
&nbsp;
&nbsp;
&nbsp;
Thank You,
Anthony &nbsp;

Forum Discussion

How to hardcode or customize the logon page to proceed for RADIUS auth without entering password in SSL/IPsec VPN client ?

3 Replies

Recent Discussions

F5 loadbalancer not working

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

import live updates from version x to version y

Related Content

F5 Distributed Cloud - Customer Edge Site - Deployment & Routing Options

custom response page for api

F5 Distributed Cloud – Multiple custom certificates for HTTP/TCP LB

How to replace a url hardcoded in server response.

Harnessing F5 Distributed Cloud Customer Edge on the HPE GreenLake Platform