f5_otp's Introduction

F5 :: One-Time Password (OTP) application

Overview

One-Time Password (OTP) application for F5 BIG-IP, designed for deployments without external Multi-Factor Authentication (MFA) servers. The application uses only Active Directory for user authentication and for storing the shared secret value. QR codes are rendered locally, so you can build an OTP configuration portal in high-security environments without external access. After installing the application, all you need to do is tell your users to download AgileBits 1Password, Google Authenticator, Microsoft Authenticator or any other OTP-compatible application to their mobile devices and start using Multi-Factor Authentication (MFA) for your services.

This solution is based on:

  • RFC 4226 - HOTP: An HMAC-Based One-Time Password Algorithm
  • RFC 6238 - TOTP: Time-Based One-Time Password Algorithm

Requirements

Required systems for this application:

  • BIG-IP LTM + APM + iRulesLX (*)
  • Active Directory
  • SMTP server
  • OTP-compatible generator

* - tested on versions 14.1.x, 15.0.x and 15.1.x (minimum version is 13.1.0)

Installation

Please read the Installation Guide for instructions on installing the OTP application on your BIG-IP. Following this guide is required to establish the base configuration on BIG-IP, which allows you to create the OTP configuration portal and OTP verification procedures.

Implementation

See the Implementation Guide for instructions on how to integrate OTP verification procedures into APM-enabled virtual servers with ACCESS_POLICY_AGENT_EVENT support. The same document also explains how to integrate OTP verification procedures with APM-enabled virtual servers without ACCESS_POLICY_AGENT_EVENT support, or with external applications that are able to send and receive HTTP validation requests.

Troubleshooting

See the Troubleshooting Guide for instructions on enabling debug log messages and decoding them correctly, so that you can debug the installed application in your environment. The guide also contains example log messages.

Architecture

If you would like to know more about this application, please take a look at the Architecture Description for a detailed description of the solution, including all caveats and drawbacks. The document contains diagrams and explanations of various aspects of the solution. After reading it you will be able to change and adapt this application to your environment.

Credits

The full list of people who helped me is in Credits.

f5_otp's Issues

Problem connecting to LDAP - invalid LDAP url (scope)

I'm having problems connecting to LDAP. Tested with LDAPConfig client and LDP.exe.

I get TypeError: Invalid LDAP url

pid[23198] plugin[/Common/LDAP-Modify_plugin.APM-LDAP-Modify_ilx] ldapModifyRec error: TypeError: ldap://192.168.9.15:389 is an invalid LDAP url (scope)

Any idea?

Internal DNS resolve - when F5 is set up with public DNS

Tried to implement the OTP Register portal first, but had a problem with resolving the LDAP FQDN against the customer's internal DNS. We have multiple tenants on the F5 and have DNS configured to public DNS servers.

How do I resolve the LDAP FQDN (internal domain) in the APM-LDAP-Modify-ilx plugin when the DNS is configured for public DNS?

AD Query issue

I implemented the whole solution as it was described, and when I run it, it goes to "Browser Deny" by default and denies the connection.

Logs:
Following rule 'fallback' from item 'AD Query' to item 'Browser Deny'
