F5 BIG-IP APM 14.1 - Shared Logon Page Configuration - RSA Ready SecurID Access Implementation Guide
Originally Published: 2019-06-25

This section describes how to integrate F5 BIG-IP APM with RSA Authentication Manager using a shared logon page, so that both RSA SecurID Access and Active Directory credentials can be entered on a single logon page. This method is not compatible with Risk-Based Authentication.

 

Example Login Page Diagram

 

shared-logon-example.png

 

Perform the steps in this section to configure F5 BIG-IP APM to use the shared logon page approach, which lets RSA SecurID Access authentication coexist with AD authentication and SSO options.

 

Note: It is assumed that F5 BIG-IP APM is already integrated and tested with RSA Authentication Agent, RADIUS with AM or RADIUS with CAS. The steps here show how to modify the existing access policy to enable AD authentication and SSO alongside the already configured RSA SecurID Access authentication. It is also assumed that an Active Directory server has been created and configured in F5. Instructions for configuring an Active Directory server can be found in F5's documentation.

 

Note: This example shows an RSA Authentication Agent integration coexisting with AD authentication and SSO. If the integration type is RADIUS, the same instructions apply, except that the RSA SecurID block is replaced by the RADIUS Auth block.

 

Procedure

 

1. Click Main > Access > Profiles / Policies > Access Profiles (Per Session Policies).

 

radius-am-f5-step5.png

 

2. On the Access Profiles page, enter the name of the access profile to be modified in the search box and click Search.

 

3. Click Edit... for the access profile to be modified.

 

radius-am-f5-step7_624x121.png

 

4. Click on the Logon Page block.

 

shared-f5-step2_624x184.png

 

5. On the pop-up window, do the following:

 

  1. Under the Logon Page Agent section, edit the 3rd row as follows:
    • Select Type as password from the drop-down list.
    • Enter Post Variable Name as rsapasswd.
    • Enter Session Variable Name as rsapasswd.
  2. On the pop-up window, under the Customization section, do the following:
    • Change the Logon Page Input Field #2 caption to AD Password.
    • Change the Logon Page Input Field #3 caption to SecurID Passcode.
  3. Click Save.

 

shared-f5-step5_624x651.png

 

6. Click on the RSA SecurID block.

 

shared-f5-step2_624x184.png

 

7. On the pop-up window, do the following:

 

  1. For Password Source, change the value to %{session.logon.last.rsapasswd}.
  2. Click Save.

 

shared-f5-step7.png

 

8. Click the + sign on the Successful branch of the RSA SecurID block.

 

shared-f5-step6_624x186.png

 

9. On the pop-up window, click the Authentication tab and then click the AD Auth radio button.

 

10. Click Add Item.

 

shared-f5-step10_624x562.png

 

11. On the next pop-up window, from the Server drop-down list, select the AD server to be used for authenticating users. (The server should have been created previously from Main > Access > Authentication > Active Directory.)

 

12. Click Save.

 

shared-f5-step12.png

 

13. Click the + sign on the Successful branch of the AD Auth block.

 

shared-f5-step13_624x185.png

 

14. On the pop-up window, click the Assignment tab and then click the SSO Credential Mapping radio button.

 

15. Click Add Item.

 

shared-f5-step15_624x468.png

 

16. On the next pop-up window, click Save.

 

shared-f5-step16_624x242.png

 

17. Click Apply Access Policy and then click Close.

 

radius-am-f5-step14_624x35.png

 

 

 

Note:  The fully configured access profile for this integration:
shared-apm-final_624x115.png

 

 

 

Configuration is complete.

 

Return to Configuration Summary.

 
