Forum Discussion

sfntauth_180479
Dec 18, 2014

Certificate based user authentication to F5 APM

We need to test CBA authentication to F5 using PKI tokens. Instead of providing an AD username and password, the user inserts his token (holding the user certificate) into the client machine and provides the PIN for the token. Based on the user certificate present on the token, the user is authenticated to the F5 server.

 

I can see certificate-based client-server communication in the documentation, but we want user authentication to F5 using the certificate on the token.

 

Please advise whether the use case we are trying to test is feasible with F5 or not. Provide us with configuration steps if you have some other vendor's tokens already working with PKI, or please guide me with the same.

 

1 Reply

  • F5 will be able to check the user certificate, but it has no way to tell whether it's on a token or not (this "info" is not available at all in the communication). Here it's a PKI policy that helps. You should have either:

    1. certificates on tokens are issued by a specific CA (higher assurance): the APM will check only client certs issued by that CA
    2. certificates on tokens have specific properties: the APM can check these properties (that will require an iRule)

    Hopefully you have already deployed your certificates in a way that you can apply either 1) or 2).
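A sketch of the property check from option 2, added here as an example; it is not part of the original reply and not F5-supplied code. It assumes the access policy has already run Client Cert Inspection or On-Demand Cert Auth, that an iRule Event agent with the hypothetical ID `check_token_cert` follows it, and that the extension text lists policies OpenSSL-style as `Policy: <OID>`. The issuer DN, the policy OID and the `session.custom.token_cert.result` variable are constructed placeholders.

```tcl
when RULE_INIT {
    # Constructed placeholders: copy the exact issuer string and policy OID
    # from a session dump of a known-good token certificate.
    set static::token_issuer "CN=Example Token Issuing CA,O=Example Corp,C=US"
    set static::token_policy_oid "1.3.6.1.4.1.99999.1.1"
    # Escape the dots and require the OID to end there, so that
    # ...1.1 does not also accept ...1.10 or ...1.1.2
    set static::token_policy_re "Policy: [string map {. {\.}} $static::token_policy_oid](\[^0-9.\]|\$)"
}

when ACCESS_POLICY_AGENT_EVENT {
    # Only act on the iRule Event agent placed after the cert check (hypothetical ID)
    if { [ACCESS::policy agent_id] ne "check_token_cert" } { return }

    # Populated by APM once the client certificate has been inspected
    set issuer [ACCESS::session data get "session.ssl.cert.issuer"]
    set exts   [ACCESS::session data get "session.ssl.cert.x509extension"]

    # Fail closed: every path except a full match leaves the result at "deny"
    set result "deny"
    if { $issuer eq "" } {
        set reason "no client certificate in session"
    } elseif { $issuer ne $static::token_issuer } {
        set reason "issuer is not the token CA"
    } elseif { ![regexp -- $static::token_policy_re $exts] } {
        set reason "token policy OID not present"
    } else {
        set result "allow"
        set reason "issuer and policy OID match"
    }

    # A branch rule in the access policy reads this variable to allow or deny
    ACCESS::session data set "session.custom.token_cert.result" $result
    log local0.info "token cert check: $result ($reason), issuer=$issuer"
}
```

The access policy then needs a branch on `session.custom.token_cert.result` with "deny" as the fallback. As the reply notes, this proves only that the certificate carries the expected issuer and policy, so the assurance still depends on the CA issuing such certificates exclusively onto tokens.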