F5 APM with OIDC Web Duo Prompt

Question

DUO is retiring the iFrame support which has been working well for us. I am trying to implement the replacement found at https://duo.com/docs/f5bigip-web and APM Configuration to Support Duo MFA using iRule | DevCentral

This is our first JSON / OAuth implementation and I think I missed something in the setup

The DUO subroutine is implemented after the initial AD Authentication and Query

When I attempt to log on with the VPN client I get past the AD Authenticiaton but when the DUO challenge is to appear it fails and rolls back to the AD Authentication prompt screen.

The error I pulled out of the access report is

/Common/duosubroutine_act_oauth_client_ag: OAuth Client: authorization_code is required to get access_token for server '/Common/duo_server'

I am attempting to configure this as a per session policy. To my limited understanding I believe the secret is not being properly passed.

Could anyone provide steps for troubleshooting this?

Thank You

vulcana · Accepted Answer

For those who may run into this in the future sometimes it can be difficult to distinguish a _ from a - in the article.&nbsp; Should you run into this check for&nbsp;client_id&nbsp;parameter with type client-idresponse_type&nbsp;parameter with type response-typegrant_type&nbsp;parameter with type grant-typeredirect_uri&nbsp;parameter with type redirect-uri

Forum Discussion

F5 APM with OIDC Web Duo Prompt

1 Reply

Recent Discussions

Disk space full - what files, folders are safe to delete?

ASM instance creation

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

Related Content

Request and validate OAuth / OIDC tokens with APM

How to customise Azure AD OIDC user ID token for APM integration

Using Shape IBD to protect OIDC IdP from Bot Attacks in Open Banking scenarios

F5 edge client with OIDC and yubikey

Help with OIDC F5 Setup