Manual Chapter : Creating an Access Configuration for ephemeral authentication

Applies To:

BIG-IP APM

  • 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0

Before you set up an Access Configuration, you need to have created an Authentication Configuration and an SSH Security Configuration.
You create an Ephemeral Authentication Access Configuration to specify the generic password settings for privileged user access.
  1. On the Main tab, click Access > Ephemeral Authentication > Access Configuration.
  2. Click Create.
  3. For Name, type a name for the Ephemeral Authentication Access Configuration.
  4. If using LDAP on the backend, for User LDAP DN, type the session variable or name (in distinguished name or DN format) that represents the username of the user who initiated the LDAP authentication request; for example, %{session.ldap.last.attr.dn}.
    If specifying a session variable, the access policy needs to ensure that the variable is set using either an LDAP Query variable or Variable Assign agent.
    When the LDAP virtual server receives an LDAP authorization request, the username is in DN format (for example: CN=myuser, OU=marketing, DC=mydomain, DC=com). For verification to succeed, the username must be in DN format so it can be associated with the ephemeral password.
    This field is required (1) when the associated Authentication Configuration uses LDAP; (2) when an Authentication Configuration that uses LDAP is associated with an SSO configuration in an access policy; or (3) when an Authentication Configuration that uses LDAP is associated with an SSO configuration as part of portal access in an access policy.
  5. For Authentication Configuration, select the name of the Authentication Configuration that defines password usage and authentication protocol.
  6. For SSH Security Configuration, select the name of the SSH Security Configuration to use to communicate with the backend server using SSL.
  7. Define the ephemeral password settings for the system (or use the defaults).
    1. For Minimum Length, type the minimum number of characters that are required in a password (no fewer than 8 characters).
    2. For Maximum Length, type the maximum number of characters that are allowed in a password (up to 32 characters).
    3. For Minimum Digits, type the minimum number of digits that are required in a password.
    4. For Minimum Special Characters, type the minimum number of special characters that are required in a password.
    5. For Special Characters, specify the special characters that are permitted in a password. Not required if Minimum Special Characters is 0. Allowed special characters:
      ~`!@#$%^&*()_-+={}[]:;"<>',.?/|\
    6. For Minimum Uppercase Characters, type the minimum number of uppercase characters that are required in a password.
    7. For Minimum Lowercase Characters, type the minimum number of lowercase characters that are required in a password.
    The system uses these settings when generating ephemeral passwords. No one sees these passwords.
  8. Click Save.
Access Policy Manager creates an Access Configuration and adds it to the list. Later, you need to associate the same Access Configuration with the virtual server acting as the Ephemeral Authentication server.
Next, create a WebSSH Resource.
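
The ephemeral password settings in step 7 must be mutually consistent: the per-class minimums have to fit within Maximum Length, and Special Characters must be drawn from the allowed set. The following is an added example, not F5 code and not how APM generates passwords; it checks a set of values against the limits stated on this page and draws one conforming password. The dictionary keys and the sample values are assumptions made for illustration.

```python
import secrets
import string

# Special characters the page lists as allowed (step 7, Special Characters).
ALLOWED_SPECIALS = "~`!@#$%^&*()_-+={}[]:;\"<>',.?/|\\"

def check_policy(p):
    """Return a list of problems with settings dict p; empty means consistent."""
    problems = []
    if p["min_length"] < 8:
        problems.append("Minimum Length is below 8")
    if p["max_length"] > 32:
        problems.append("Maximum Length is above 32")
    if p["min_length"] > p["max_length"]:
        problems.append("Minimum Length exceeds Maximum Length")
    needed = p["min_digits"] + p["min_special"] + p["min_upper"] + p["min_lower"]
    if needed > p["max_length"]:
        problems.append("per-class minimums do not fit in Maximum Length")
    bad = sorted(set(p["specials"]) - set(ALLOWED_SPECIALS))
    if bad:
        problems.append("special characters not in the allowed set: " + "".join(bad))
    if p["min_special"] > 0 and not p["specials"]:
        problems.append("Minimum Special Characters > 0 but Special Characters is empty")
    return problems

def sample_password(p):
    """Draw one password that satisfies p, using the OS CSPRNG."""
    problems = check_policy(p)
    if problems:
        raise ValueError("; ".join(problems))
    rng = secrets.SystemRandom()
    needed = p["min_digits"] + p["min_special"] + p["min_upper"] + p["min_lower"]
    length = rng.randint(max(p["min_length"], needed), p["max_length"])
    classes = [(string.digits, p["min_digits"]), (p["specials"], p["min_special"]),
               (string.ascii_uppercase, p["min_upper"]),
               (string.ascii_lowercase, p["min_lower"])]
    chars = [rng.choice(alphabet) for alphabet, n in classes for _ in range(n)]
    pool = string.ascii_letters + string.digits + p["specials"]
    chars += [rng.choice(pool) for _ in range(length - len(chars))]
    rng.shuffle(chars)  # required characters must not sit at fixed positions
    return "".join(chars)

# Constructed sample settings (hypothetical values, not product defaults).
SAMPLE = {"min_length": 12, "max_length": 24, "min_digits": 2, "min_special": 2,
          "specials": "!@#$%", "min_upper": 2, "min_lower": 2}
BROKEN = dict(SAMPLE, min_length=6, max_length=8, min_digits=4, min_special=4,
              specials="!@ ")

if __name__ == "__main__":
    print(check_policy(BROKEN))
    print(sample_password(SAMPLE))
```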