Perform these steps to apply your RADIUS, SSO Agent, Relying Party or Authentication Agent configuration to F5 BIG-IP APM Access Profile.
Before you begin: Configure the integration type that your use case will employ. Refer to the Integration Configuration Summary in this article for more information.
Configure RSA Cloud Authentication Service
Radius Client
Sign into the RSA Cloud Administrative Console and browse to Authentication Clients > RADIUS > Select the RADIUS Client and Edit .
Ensure the Authentication Details is set to Cloud Authentication Service validates password and applies access policy for additional authentication. is selected
Click Publish.
Relying Party Client
Sign into the RSA Cloud Administrative Console and browse to Authentication Clients > Relying Party > Select the Relying Party Client and Edit .
In the Authentication section, do the following:
- Under Authentication Details,
- ensure that RSA SecurID Access manages all authenticationand the appropriate primary and additional authentication methods is selected
- Click Next Step.
Click Publish.
Note: It is assumed that there is an Access Profile (in this example it is named abtest-access-profile) and a Virtual Server (named as abtest_vs) already created and configured such that it can successfully perform AD authentication to grant access to a protected resource. The following steps gives instructions on how to modify the access profile to use RSA SecurID Access to grant access to the same protected resource. More detailed instructions on how to create and modify access policies and mapping access policies to virtual servers can be found in F5 BIG-IP APM's documentation. The Access Policy before modification is as shown below:
1. Click Main > Access > Profiles / Policies > Access Profiles (Per Session Policies).
2. On the Access Profiles page, enter the name of the access profile to be modified in the search box and click Search.
3. Click on Edit... corresponding to the access profile to be modified.
4. On the Visual Policy Editor page, click on the x sign on the AD Auth block.
5. On the Item Deletion Confirmation pop-up window, click on the Connect previous node to Successful branch radio button and then click Delete.
6. (This step is only for Relying Party and SSO Agent - SAML integration types)
Click on the x sign on the Logon Page block.
7. (This step is only for Relying Party and SSO Agent - SAML integration types)
On the Item Deletion Confirmation pop-up window, click on the Connect previous node to fallback branch radio button and then click Delete.
8. Click on the + sign next to the fallback branch of the
- Logon Page block (for Authentication Agent, RADIUS with AM and RADIUS with CAS integration types)
- Start block (for Relying Party and SSO Agent - SAML integration types)
(image shown is for Authentication Agent integration type)
9. On the pop-up window, click on Authentication tab and then click:
- RSA SecurID radio button (for Authentication Agent integration type)
- RADIUS Auth radio button (for RADIUS with AM and RADIUS with CAS integration types)
- SAML radio button (for Relying Party and SSO Agent - SAML integration types)
(image shown is for Authentication Agent integration type)
10. Click Add Item.
11. On the next pop-up window, from the AAA Server drop-down list select:
- the RSA SecurID server configured in F5 (for Authentication Agent integration type).
- the RADIUS server configured in F5 (for RADIUS with CAS and RADIUS with AM integration types).
- the the SAML SP Service configured in F5 (for Relying Party and SSO Agent - SAML integration types).
(image shown is for Authentication Agent integration type)
12. Click Save.
13. Click Apply Access Policy and then click Close.
The fully configured access profile for each integration type will look as below:
- Authentication Agent
- RADIUS with AM and RADIUS with CAS
- Relying Party and SSO Agent - SAML
Return to Configuration Summary.
F5 BIG-IP APM 14.1 - Access Profile Configuration - RSA Ready SecurID Access Implementation Guide
