F5 Logo MyF5
Search
  1. MyF5 Home
  2. BIG-IP Access Policy Manager: Implementing Zero Trust with Per-Request Policies
  3. Step-Up Authentication with APM
  4. Example: Step-up authentication for an IP address change
  5. Example: Step-up auth on move from wired to wireless
Manual Chapter : Example: Step-up auth on move from wired to wireless

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0
Manual Chapter

Example: Step-up auth on move from wired to wireless

This example shows using gating criteria to check whether a request in a subsession is coming from the same IP address. It uses two subroutines: AD Authentication and MFA. AD Authentication specifies
perflow.client.ip.address
 as the gating criteria. The user must authenticate using first factor credentials if the IP address has changed, for example, if the user has switched from the wired network to using wireless.
In that case, if initial authentication is successful, request is routed to the MFA subroutine for step-up authentication. The gating criteria for MFA is
expr {[mcget {session.adStepUpAuth.gatingCounterPath}]}
, where the session variable
session.adStepUpAuth.gatingCounterPath
 was populated in the AD Authentication subroutine. The example ties the two subroutines together: as soon as the first subroutine is reevaluated, the second must be reevaluated again.
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information