Integration of F5 BIG IP APM with DoubleClue using RADIUS

1. Introduction

This guide is intended to help administrators to use DoubleClue Multi-Factor Authentication (MFA) together with F5 BIG IP APM.

2. Preparing DCEM as a RADIUS Server

You need to add a “NAS Client” configuration in DoubleClue Enterprise Management (DCEM).

  1. In DCEM, go to main menu item “RADIUS”, sub menu “NAS Clients” and click on “Add”.
  2. The “IP Number” must be the source IP of the F5 application.
  3. Do not enable the checkboxes “Use Challenge” and “Ignore User Password”.
  4. Click on “OK”. The configuration will be active immediately after that.

3. Configuration of F5 BIG-IP APM

Here you are shown how to integrate F5 BIG IP APM with DoubleClue.

3.1 RADIUS Server Definition on the BIG-IP

  1. Go to “Main” > “Access” > “Authentication”.
  2. Under “Configuration”, add a “Server Address”, the “Authentication Service Port”, a “Secret” and a “NAS IP Address”.
  3. Please note: The “Server Address” and the “NAS IP Address” must be identical with the IP address which you configured in DCEM (see previous chapter).
  4. For “Timeout”, enter at least 60 seconds. However, we suggest entering 120 to 180 seconds.

3.2 Access Policy Definition

Set the Access Policy according to the screenshot above, then define the “Logon Page”, the “RADIUS Auth” and the “SSO Credential Mapping” as follows:

3.2.1 Logon Page Definition

Here you define the GUI of the Logon Page:

3.2.2 RADIUS Server Integration

Define the RADIUS server as shown in the following screenshot. The name of the “AAA Server” must consist of the “Partition / Path” and the “Name” of the RADIUS configuration as shown in chapter 3.1.

3.2.3 SSO Credential Mapping

Here, the user credentials of RADIUS will be mapped to SSO at F5.