One-Time Password (OTP) application for F5 BIG-IP designed for deployments without external Multi-Factor Authentication (MFA) servers. This application uses pure Active Directory for user authentication and shared secret value storage. This application uses local QR code rendering capability so you can built OTP configuration portal in high security environments without external access. All you need after the installation of this application is to tell your users to download AgileBits 1Password, Google Authenticator, Microsoft Authenticator or any other OTP-compatible application to their mobile devices and start using Multi-Factor Authentication (MFA) for your services.
This solution is based on:
- RFC 4226 - HOTP: An HMAC-Based One-Time Password Algorithm
- RFC 6238 - TOTP: Time-Based One-Time Password Algorithm
Required systems for this application:
- BIG-IP LTM + APM + iRulesLX (*)
- Active Directory
- SMTP server
- OTP-compatible generator
* - tested on versions 14.1.x, 15.0.x and 15.1.x (minimum version is 13.1.0)
Please read Installation Guide for instructions on installing OTP application on your BIG-IP. This guide is required to establish base configuration on BIG-IP which allows you to create OTP configuration portal and OTP verification procedures.
See Implementation Guide for instructions on how to integrate OTP verification procedures to APM-enabled virtual servers with ACCESS_POLICY_AGENT_EVENT support. In this document you will also find instructions on how to integrate OTP verification procedures with APM-enabled virtual servers without ACCESS_POLICY_AGENT_EVENT support or external applications that are able to send and receive HTTP validation requests.
See Troubleshooting Guide for instructions on enabling debug log messages and decoding them correctly to understand how to debug installed application in your environment. You will find example log messages in this guide too.
Please take a look at the Architecture Description for detailed solution description with all caveats and drawbacks if you would like to know more about this application. This document contains schemes and explanations of various aspects of this solution. After reading this document you will be able to change and adapt this application to your environment.
Full list of persons that helped me located in Credits