Manual Chapter : Configuring a subroutine for step-up authentication

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 15.1.10, 15.1.9
Manual Chapter

Configuring a subroutine for step-up authentication

For step-up authentication, you configure a per-request policy subroutine that performs authentication.
  1. On the Main tab, click
    Access
    Profiles / Policies
    Per-Request Policies
    .
    The Per-Request Policies screen opens.
  2. Create and then open a per-request policy for editing in the visual policy editor.
  3. Click the
    Add New Subroutine
    button.
    A popup screen opens.
  4. Select one of these subroutine templates:
    • LDAP Authentication
      - Includes a
      Logon Page
      followed by an
      LDAP Auth
      action,
      Pass
      and
      Fail
      terminals.
    • Confirm
      - Includes a
      Confirm Box
      where you can specify text and an icon that allows the user to continue or cancel the action.
    • Empty
      - Includes
      In
      and
      Out
      terminals only.
  5. Name the subroutine.
  6. Click
    Save
    .
    The popup screen closes. The subroutine, with the heading
    [+] Subroutine:
    Name
    , displays below the main editor.
  7. Expand the subroutine by clicking the [
    +
    ] icon.
    If any item in the subroutine needs some configuration, a red asterisk displays by the item name.
  8. From the Authentication tab, select one of the available authentication methods. Configure the authentication agent with the information needed, such as the AAA server.
  9. Make any changes you want to the subroutine terminals:
    1. To add a terminal, click
      Edit Terminal
      and configure it.
    2. To change a terminal, click it and select another one.
The subroutine settings are configured using the default values.
Next, you can add the subroutine to the per-request policy.