Manual Chapter : Creating a logon page for MFA in a subroutine

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 15.1.10, 15.1.9
Manual Chapter

Creating a logon page for MFA in a subroutine

You should have created a subroutine with the variable assign agent to collect
subsession.logon.last.username
and assign it to the session variable
last.subsession.logon.last.logonname
. Start this task in this subroutine.
The logon page presents the user with a choice to type a onetime passcode or to get a push notification.
  1. In the subroutine, after the Variable Assign agent, click the plus to add a new item.
  2. On the
    Logon
    tab, click
    Logon Page
    and click
    Add Item
    .
  3. Specify the following settings for the Logon Page item.
    Item
    Type
    Post variable
    Session variable
    Other configuration
    1
    text
    username
    username
    2
    none
    password
    password
    3
    select
    factorType
    factorType
    Click
    Values
    and specify two options:
    push
    and
    otp
    . Specify names for identification.
    4
    text
    mfaToken
    mfaToken
    This example shows the logon page item configuration.
  4. Click the
    Branch Rules
    tab and click
    Add Branch Rule
    .
  5. Name the branch rule for the push notification, for example
    Push Selected
    .
  6. Next to
    Expression: empty
    click
    change.
  7. Click
    Advanced
    .
  8. Type the expression for push notifications:
    expr { [mcget {subsession.logon.last.factorType}] == "push" }
    .
  9. Click
    Finished
    .
  10. Click
    Add Branch Rule
    .
  11. Name the branch rule for the one time passcode, for example
    OTP Selected
    .
  12. Next to
    Expression: empty
    click
    change.
  13. Click
    Advanced
    .
  14. Type the expression for push notifications:
    expr { [mcget {subsession.logon.last.factorType}] == "otp" }
    .
  15. Click
    Finished
    .
  16. Click
    Save
    .
  17. Assign success and failure terminals to the branches.
Continue with the configuration of the subroutine.