Post of the Week: Two-Factor Auth and SSO with BIG-IP

In this Lightboard Post of the Week, I answer a question about 2FA and SSO with AD/RSA on BIG-IP by creating a SSO Credential Mapping policy agent in the Visual Policy Editor, that takes the username and password from the logon page, and maps them to variables to be used for SSO services. Special thanks to senthil147 for the question and a new 2018 MVP, MrPlastic (Lee Sutcliffe, which I flubbed) for the great answer.

Posted Question on DevCentral: https://devcentral.f5.com/questions/2fa-authentication-with-sso-on-apm-57581



ps

Get Social with DevCentral

That title sounds so 2009 but let’s go with it anyway. #Flashback…no, #Throwback…no, how about #TinkerTuesday? Is there such a thing? (There is.)

#DevCentral will be ramping up our social activities in 2018 and we wanted to share some of the media channels you can join to stay connected and engaged with the community.

Did you know that the Twitter bird has a name? It’s Larry. And while dc’s blue ball logo doesn’t have a name, you can find your @devcentral team members @psilvas, @jasonrahm, and @JohnWagnon on twitter sharing their technology insights along with some personal daily happenings and thoughts. Stay connected for new articles, iRules, videos, the Agility Conference and earn additional DevCentral points for answering the question of the day!

Don’t feel like reading anything and prefer to watch stuff? Then head on over to our YouTube channel for hours of instructional videos from our ‘Make it Work’ series, cool tech tips along with the awesome Lightboard Lessons. Lightboard Lessons are one of our most popular pieces of content and by subscribing to our channel, you’ll get the first alerts via email that a new video has published. You’ll probably even get to watch the video before it even posts to DevCentral. That’s right, early access.

Prefer to hang out with the LinkedIn crowd? While the F5 Certified! Professionals LinkedIn group is very active, the F5 DevCentral LinkedIn Group has been a little dormant recently so we’re looking to gear that up again also. With a little over a 1000 members, it’s a great way to converse with other members as we march toward the 12,000+ participants in Ken’s group.

When DevCentral started back in 2003, it was one of the original ‘social’ community sites when social media was still in its infancy. Members range from beginning to advanced devs, industry thought leaders, and F5 MVPs.

I’m also aware that there are BIG-IP discussions on Stack overflow, repos on github, the F5 Facebook page, MVP Kevin Davies’ Telegram F5 Announce and others. Where else should we engage with you and where should we be more active? Hit us up with the hash, #whereisdevcentral and we'll meet you there.


ps

The DevCentral Chronicles Volume 1, Issue 1

Welcome to 2018! If the kids in the back seat have been chanting, ‘Are we there yet?, Are we there yet?’ you can tell them, ‘Yes! Now, Get out the car!’

If, like me, you’ve taken a couple weeks off to enjoy the holidays and New Year, you might be wondering where to start again or what to catch up on. Let me help you.

First, the biggest ‘industry’ news so far in this early 2018 has got to be the Spectre and Meltdown vulnerabilities found in computer processors and affects almost every chip (mostly Intel) in the world. From operating systems to chip makers to cloud providers, there’s been a massive effort to get the word out and patch things up. Want to understand the situation better? Check out John Wagnon’s Lightboard Lesson Explaining the Spectre and Meltdown Vulnerabilities. And probably one of the best tweets about the vulnerabilities comes from @infosecgoon

According to F5’s David Holmes, Everything old is new again in 2018. And in Return of Bleichenbacher - the ROBOT Attack CVE-2017-6168, David explains the attack, how it affects BIG-IP, how to tell if you are vulnerable and how to mitigate. So, what is the real impact of ROBOT? David notes that the Bleichenbacher attack only affects RSA sessions not protected with the ephemeral keys offered by forward secrecy. All modern browsers and mobile clients have preferred ephemeral keys for several years.

As more organizations migrate to the cloud – a hybrid one at that - in 2018, you’ll want to bookmark Chase Abbott’s Welcome to the F5 BIG-IP Migration Assistant. The F5® BIG-IP® Migration Assistant is a tool freely distributed by F5 to facilitate migrating BIG-IP configurations between different platforms. You can use Migration Assistant when you have an existing BIG-IP instance and you want to replace the current hardware with new hardware. Chase gives a great overview of the tool including What can go wrong. Lots of engaging comments on this one and Chase always tells it like it is!

Lastly, as we open 2018, DevCentral wants to recognize our 2017 MVPs! The DevCentral MVP Program shines a spotlight on the best, brightest and most active members of our community. We got some new contributors mixed with some old favorites and they are always willing to help with expertise, examples and war stories. Many of the new faces were Featured Members last year so check out their stories like December's Kevin Davies.

We got a lot coming in 2018 including more #Basics, Lightboards, Posts of the Week, articles and our always active Q/A forums and Code Share. If you’re a DevCentral member, we appreciate the contributions, if not a DevCentral member, sign up and join one of the most active communities in tech.

Welcome to the DC Chronicles and btw, 2018 will be the Year of the Dog, in case you were wondering.

ps