Forum Discussion

eric_156978
Apr 05, 2016

Smart Card Login to F5 Web Management

Hi,

 

I have an F5 hooked up to LDAP (Active Directory), and it authenticates users for various web services behind the F5 and also authenticates users logging into the F5 management GUI. Smart cards are used for accessing all websites, and that works fine.

My question: is it possible to log into the F5 GUI Management with the smart card instead of having users enter their LDAP username/password combination?

 

Thanks!

 

3 Replies

  • Yes, it is possible, but not natively on the F5. We do something similar in our organization using a RADIUS back end that uses the combined password and token as the password.

     

  • F5 supports ClientCert - LDAP natively in 12.0; it's available as an option when configuring system authentication user source.

    Also, providing smartcard access for privileged user access to other network devices and systems is possible with APM.

    A user's password would never be needed. Any value can be extracted from the X509 attributes on the smartcard certificate, and compared in an LDAP query.

     

  • Not yet. Got sidetracked on other security stuff. Funny that PKI just came up in a Govt meeting and they said we had until 30NOV to implement it...lol. They have no clue the amount of work that entails. We use WebLogic for some of our web apps and they use BIG-IP and direct server access. So we are updating all of our DOD certs and then we will focus on PKI. Doing the portal access for apps will be a piece of cake; it is the management console that is causing issues. We have procured all new BIG-IP virtual devices and once they get in place we will get back to PKI. We cannot upgrade to version 13x because our old devices cannot support it. F5 was supposed to be working on CAC and PKI stuff last time I talked to them.
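
The second reply's point that a value from the smart card certificate can be compared in an LDAP query, as an added example that is not part of the thread and is not F5's code: it pulls one attribute out of the certificate subject DN and builds a search filter, escaping the value so a crafted subject cannot rewrite the query. The `objectClass=user` filter shape, the `cn` directory attribute, the function names and the sample subjects are assumptions.

```python
import re

# RFC 4515: characters that must be escaped inside an LDAP filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Constructed sample subjects (not taken from the thread).
NORMAL_SUBJECT = "CN=DOE.JANE.Q.0000000001,OU=Example Unit,O=Example Org,C=US"
HOSTILE_SUBJECT = "CN=x*)(uid=*,O=Example Org"


def parse_dn(dn):
    """Split an RFC 4514 string DN into (TYPE, value) pairs, honouring backslash escapes.
    Simplified: multi-valued RDNs ('+') and non-ASCII hex escapes are not handled."""
    rdns, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            pair = dn[i + 1:i + 3]
            if re.fullmatch(r"[0-9A-Fa-f]{2}", pair):  # \XX hex-escaped character
                buf.append(chr(int(pair, 16)))
                i += 3
            else:  # \, \+ \" and similar single-character escapes
                buf.append(dn[i + 1])
                i += 2
            continue
        if ch == ",":  # unescaped comma ends the current RDN
            rdns.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    rdns.append("".join(buf))
    pairs = []
    for rdn in rdns:
        attr, sep, value = rdn.partition("=")
        if not sep:
            raise ValueError(f"malformed RDN: {rdn!r}")
        pairs.append((attr.strip().upper(), value))
    return pairs


def filter_for_certificate(subject_dn, cert_attr="CN", ldap_attr="cn"):
    """Build an LDAP filter matching exactly one subject attribute (names are assumptions)."""
    values = [v for a, v in parse_dn(subject_dn) if a == cert_attr.upper()]
    if len(values) != 1:  # refuse missing or ambiguous identities
        raise ValueError(f"expected exactly one {cert_attr}, found {len(values)}")
    escaped = "".join(_FILTER_ESCAPES.get(c, c) for c in values[0])
    return f"(&(objectClass=user)({ldap_attr}={escaped}))"
```

The subject DN is only trustworthy after the certificate chain and revocation status have been validated; this sketch covers the lookup step alone.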