Forum Discussion

soymanue
Dec 05, 2014

APM Two-Factor Authentication with AD and HTTP AAA

I'm creating an access policy with two-factor authentication. Our users have their AD credentials and a grid card. First of all they should provide their AD credentials.

If the authentication succeeds, they should pass the grid card authentication:

- User Number (it's not their AD user name, but we check if both of them belong to the same person)
- Grid Value 1: A1, C6, J5... Randomly generated by the grid card authentication system.
- Grid Value 2: A1, C6, J5... Randomly generated by the grid card authentication system.

The second authentication is made by calling an external web. The username and password of the first step must be sent as parameters with POST or GET. I think that it's not possible to do this with an external logon page. What about HTTP authentication? I find some problems:

- The second authentication is not based on user/password but on user/two passwords with variable captions.
- The need to send the first credentials.

1 Reply

  • Have you figured out any way to do this yet? I'm in the process of developing a similar solution for our environment, and the method I'm considering is to use an additional external logon page (since we're already using a single external logon page for the current login), and then use an iRule to parse the response from the second page (and maybe use a sideband connection to check the answers), perform the verification, and set a session variable to use in a VPE object to decide whether to allow or deny the user.

    Still in the developing stages, but if you've figured this out, I'd love to hear how you've done it.