Firepass to APM migration

you can add additional fields to the default username/password in the logon page action. Then, you could perform multiple auth in the VPE such as AD auth and Radius and use there the corresponding variables you've used in the logon page.

Hi amolari,

Thanks you for your response... I appreciate your help!

But, our situation is a little different, we have Firepass currently doing authentication for all the VPN users on one logon page ....

Users enter username, AD password and RSA token on the same logon page and get authenticated.

In APM I do not see this option, I need your help in configuring the policy so that we have the same scenario in F5 APPM, where the user is given one logon page for both AD and RSA password verification.

modify the APM logon page to have 3 fields (default is 2), each has its session variable. In the VPE, after the logon page, perform an AD auth action with sessin variables from field 1+2 and after that a Radius (or SecurID) auth with fields 1+3.

Both AD and SecurID use the same session variable so you'll have to setup a new variable as indicated in the post below. This worked for me.

My policy looks like..

Logon Page > Variable Assign > SecurID > Variable Assign > AD Auth > Successful

https://devcentral.f5.com/questions/bigip-apm-ad-rsa-auth