eLeCtRoN
Nov 06, 2017

APM 2-Factor Radius and AD Authentication user accounts sAMAccountName and UPN suffixes

Hello,

My question is: I have an APM scenario with a landing page and RADIUS auth (SafeNet). The RADIUS auth needs the sAMAccountName, for example doej. Then on the landing page I give the OTP (one-time password) and the AD password, which I switch with a variable assignment. But now I want to do an LDAP auth, and for the LDAP auth we need the UserPrincipalName (email), for example john.doe(at)company.com. So my question now would be: how can I look up, maybe with an LDAP query, the UserPrincipalName to switch from doej -> john.doe(at)company.com, so that the LDAP auth will not fail and the SSO works correctly after this? Maybe someone has an idea. Do I need an iRule, or just an LDAP query, the expressions and so on? Please give some examples.

THX Manu

1 Reply

  • As long as the user provides you with the sAMAccountName, you could perform an LDAP query to fetch the UPN. Then you would have to perform variable assignments to be able to perform the LDAP auth with session.logon.last.username by default. Then again, you would need to check your SSO credential mapping and possibly perform another variable assignment before it, or check your SSO profile to use the correct username.
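
The sequence described in the reply, sketched as an added example that is not part of the original thread: the proc bodies are the Tcl expressions that would go into an APM branch rule and two Variable Assign entries. The `mcget` stub, the constructed session values and the variable name `session.custom.sam` are assumptions so the block runs offline in `tclsh`; the session variable names follow APM's usual `session.ldap.last.*` convention and should be confirmed against the session variables report of the running policy.

```tcl
# Offline stand-in for APM's mcget, backed by constructed session values.
array set session {
    session.logon.last.username              doej
    session.ldap.last.queryresult            1
    session.ldap.last.attr.userPrincipalName john.doe@company.com
}
proc mcget {name} {
    global session
    if {[info exists session($name)]} { return $session($name) }
    return ""
}

# LDAP Query item (configured in the policy editor, placed after RADIUS Auth):
#   SearchFilter:        (sAMAccountName=%{session.logon.last.username})
#   Required attribute:  userPrincipalName

# Branch rule after the LDAP Query: continue only if the query succeeded
# and actually returned a UPN; every other case goes to the Deny ending.
proc branch_upn_found {} {
    expr { [mcget {session.ldap.last.queryresult}] == 1
           && [mcget {session.ldap.last.attr.userPrincipalName}] ne "" }
}

# Variable Assign entry 1: session.custom.sam (hypothetical name) keeps the
# short name in case a later item or log message still needs it.
proc assign_saved_sam {} {
    return [mcget {session.logon.last.username}]
}

# Variable Assign entry 2: session.logon.last.username becomes the UPN,
# which LDAP Auth and SSO Credential Mapping then read by default.
proc assign_username {} {
    return [mcget {session.ldap.last.attr.userPrincipalName}]
}

puts "branch=[branch_upn_found] sam=[assign_saved_sam] user=[assign_username]"
```

Entry 1 has to be listed before entry 2 in the Variable Assign item, otherwise the saved value is already the UPN. If the SSO backend expects the short name rather than the UPN, point the SSO Credential Mapping username at the saved variable instead.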