Manual Chapter: Creating an Access Configuration for ephemeral authentication
Applies To: BIG-IP APM
- 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0
Before you set up an Access Configuration, you
need to have created an Authentication Configuration and an SSH Security Configuration.
You create an Ephemeral Authentication Access
Configuration to specify the generic password settings for privileged user access.
- On the Main tab, click.
- Click Create.
- For Name, type a name for the Ephemeral Authentication Access Configuration.
- If using LDAP on the backend, for User LDAP DN, type the session variable or name (in distinguished name or DN format) that represents the username of the user who initiated the LDAP authentication request; for example, %{session.ldap.last.attr.dn}.
  If specifying a session variable, the access policy needs to ensure that the variable is set using either an LDAP Query variable or Variable Assign agent.
  When the LDAP virtual server receives an LDAP authorization request, the username is in DN format (for example: CN=myuser, OU=marketing, DC=mydomain, DC=com). For verification to succeed, the username must be in DN format so it can be associated with the ephemeral password.
  This field is required (1) when the associated Authentication Configuration uses LDAP; (2) when an Authentication Configuration that uses LDAP is associated with an SSO configuration in an access policy; or (3) when an Authentication Configuration that uses LDAP is associated with an SSO configuration as part of portal access in an access policy.
- For Authentication Configuration, select the name of the Authentication Configuration that defines password usage and authentication protocol.
- For SSH Security Configuration, select the name of the SSH Security Configuration to use to communicate with the backend server using SSL.
- Define the ephemeral password settings for the system (or use the defaults).
  - For Minimum Length, type the minimum number of characters that are required in a password (no less than 8 characters).
  - For Maximum Length, type the maximum number of characters that are allowed in a password (up to 32 characters).
  - For Minimum Digits, type the minimum number of digits that are required in a password.
  - For Minimum Special Characters, type the minimum number of special characters that are required in a password.
  - For Special Characters, specify the special characters that are permitted in a password. Not required if Minimum Special Characters is 0. Allowed special characters: ~`!@#$%^&*()_-+={}[]:;"<>',.?/|\
  - For Minimum Uppercase Characters, type the minimum number of uppercase characters that are required in a password.
  - For Minimum Lowercase Characters, type the minimum number of lowercase characters that are required in a password.
  The system uses these settings when generating ephemeral passwords. No one sees these passwords.
- Click Save.
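The password settings above constrain one another: if the per-class minimums add up to more than Maximum Length, no password can satisfy them. The following Python sketch is an added example, not F5 code and not the method APM uses to generate ephemeral passwords; `check_policy` and `sample_password` are hypothetical names, and the bounds (8 and 32) and the allowed special characters are the ones stated on this page.

```python
import secrets
import string

# Allowed special characters, copied from the list on this page.
ALLOWED_SPECIAL = "~`!@#$%^&*()_-+={}[]:;\"<>',.?/|\\"

def check_policy(min_len, max_len, min_digits, min_special,
                 special_chars, min_upper, min_lower):
    """Hypothetical helper: list problems with the settings ([] = consistent)."""
    problems = []
    if min_len < 8:
        problems.append("Minimum Length is below 8")
    if max_len > 32:
        problems.append("Maximum Length is above 32")
    if min_len > max_len:
        problems.append("Minimum Length exceeds Maximum Length")
    if min(min_digits, min_special, min_upper, min_lower) < 0:
        problems.append("a minimum count is negative")
    bad = sorted(set(special_chars) - set(ALLOWED_SPECIAL))
    if bad:
        problems.append("Special Characters not in the allowed set: " + "".join(bad))
    if min_special > 0 and not special_chars:
        problems.append("Minimum Special Characters > 0 but Special Characters is empty")
    if min_digits + min_special + min_upper + min_lower > max_len:
        problems.append("class minimums add up to more than Maximum Length")
    return problems

def sample_password(*policy):
    """Hypothetical helper: draw one random password that satisfies the policy."""
    if check_policy(*policy):
        raise ValueError("inconsistent policy")
    min_len, max_len, min_digits, min_special, special_chars, min_upper, min_lower = policy
    pick = secrets.choice
    # Start with the required number of characters from each class.
    chars = ([pick(string.digits) for _ in range(min_digits)]
             + [pick(special_chars) for _ in range(min_special)]
             + [pick(string.ascii_uppercase) for _ in range(min_upper)]
             + [pick(string.ascii_lowercase) for _ in range(min_lower)])
    floor = max(min_len, len(chars))
    length = floor + secrets.randbelow(max_len - floor + 1)
    pool = string.ascii_letters + string.digits + special_chars
    chars += [pick(pool) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)  # avoid a fixed class order
    return "".join(chars)

if __name__ == "__main__":
    # Constructed settings for illustration, not product defaults.
    print(check_policy(8, 12, 4, 4, "!@#", 3, 3))
    print(len(sample_password(8, 12, 2, 1, "!@#", 1, 1)))
```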
Access Policy Manager creates an Access
Configuration and adds it to the list. Later, you need to associate the same Access
Configuration with the virtual server acting as the Ephemeral Authentication server.
Next, create a WebSSH Resource.