HID 4TRESS AAA, F5 BIG-IP User Manual

ActivIdentity® 4TRESS AAA Web Tokens and F5® BIG-IP® Access Policy Manager
Document Version 1.1 | Released | July 11, 2012
ActivIdentity 4TRESS AAA Web Tokens and F5 APM | Integration Handbook
P 2
External Use | July 12, 2012 | © 2012 ActivIdentity

Table of Contents

Table of Contents (page 2)
1.0 Introduction (page 3)
  1.1 Scope of Document (page 3)
  1.2 Prerequisites (page 3)
2.0 BIG-IP APM Configuration (page 4)
  2.1 Procedure 1: Create New RADIUS Server Instance (page 4)
  2.2 Procedure 2: Access Policy Manager Configuration (page 6)
  2.3 Procedure 3: Customization (page 12)
    2.3.1 Adding Images and the Web Token Applet with the Image Browser (page 12)
    2.3.2 Personalizing Page Appearance (page 16)
3.0 ActivIdentity 4TRESS AAA Configuration (page 19)
  3.1 Procedure 1: Configure F5 Gate (page 19)
  3.2 Procedure 2: Assigning Group(s) to the F5 Gate (page 21)
4.0 Configure for Soft Token Activation (page 22)
  4.1 Procedure 1: Enable Soft Token Activation (page 22)
  4.2 Procedure 2: Configure Soft Token Activation Portal (page 23)
5.0 Sample Authentication Using Web Soft Token Authentication (page 26)
  5.1 Prerequisite: User Enrolls Web Token and Computer (page 26)
  5.2 Authenticating with Web Soft Token Launched in the Sign-In Page (page 28)
1.0 Introduction

The F5® Networks BIG-IP® Access Policy Manager (APM) is a software component of the BIG-IP hardware platform that provides users with secured connections to specific Web applications or to the entire corporate network. Because it relies on standard Web browsers and standard security technology, APM lets an organization give users access to internal resources easily and cost-effectively, with no special software or configuration on user systems.
The ActivIdentity solutions that work with F5 combine SSL VPN access with strong authentication that is flexible, scalable, and simple to manage. ActivIdentity offers two solutions:
- ActivIdentity® 4TRESS AAA Server for Remote Access: addresses the security risks associated with a mobile workforce remotely accessing systems and data.
- ActivIdentity 4TRESS Authentication Server (AS): supports multiple authentication methods suited to diverse audiences across a variety of service channels (SAML, RADIUS, and so on), including user name and password, mobile and PC soft tokens, one-time passwords, and transparent Web soft tokens.

1.1 Scope of Document

This document explains how to set up ActivIdentity 4TRESS AAA Web token authentication with the F5 APM. Use this handbook to enable authentication via a Web soft token for use with an SSL-protected F5 VPN.

1.2 Prerequisites

- The ActivIdentity 4TRESS AAA Server is up to date (v6.7) with LDAP users and groups already configured.
- F5 BIG-IP APM version 11.1.x is installed and configured.
- The Web soft token is configured to work with or without a PIN.
- Users have static LDAP passwords for access to the Self Help Desk to enroll Web tokens.
- The F5 login page has been customized (illustrated in this handbook).

Note: Using F5 double authentication (an LDAP password plus a one-time password) is optional. You can configure the sign-in page so that users enter a static LDAP password instead of the Web soft token PIN.

2.0 BIG-IP APM Configuration

This chapter describes how to configure the F5 APM. When a user signs in to an F5 APM appliance, the appliance forwards the user's credentials to an external authentication server, which verifies the user's identity. In this chapter you create one such authentication server:
- An ActivIdentity 4TRESS AAA RADIUS server, which validates the one-time password generated by the user's Web token.

2.1 Procedure 1: Create New RADIUS Server Instance

When you use an external RADIUS server to authenticate F5 users, you must also configure that server to recognize the F5 as a RADIUS client and specify a shared secret that the RADIUS server uses to authenticate the client's requests (the 4TRESS side of this configuration is covered in Section 3.0). The same secret must be entered on both sides. RADIUS only hides the user's password with an MD5-derived keystream and does not encrypt the rest of the exchange, so choose a long random secret and keep the path between the BIG-IP and the 4TRESS server on a trusted network.
To define the RADIUS server instance on the F5 APM appliance, perform the following steps.
1. On the main tab of the navigation pane, expand Access Policy, and then click AAA Servers.
2. Click the plus sign next to RADIUS.
3. Click Create.
   - Specify the Name of your RADIUS server.
   - For Mode, select Authentication.
   - Specify the Server Address (the IP address of your 4TRESS RADIUS server).
   - Specify the Authentication Service Port (the port your RADIUS server listens on; the RADIUS standard is UDP 1812).
   - Enter and confirm the Shared Secret for your RADIUS server.
   - Accept all other default settings.
4. Click Finished.
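Before wiring the new AAA server into an access policy, it is worth confirming from the command line that the 4TRESS server accepts the F5's shared secret and returns a verifiable reply. The following script is an added example for this handbook (it is not ActivIdentity or F5 code): it builds a RADIUS Access-Request exactly as RFC 2865 specifies, hides the one-time password with the PAP keystream, and checks the Response Authenticator of whatever comes back so that a reply forged by a third party, or a reply computed with a different secret, is not mistaken for a real Access-Accept. The server address, port, secret, NAS address and user name are placeholders; run it from the BIG-IP's own address or from a host the 4TRESS server already knows as a RADIUS client.

```python
"""RADIUS (RFC 2865) Access-Request builder and reply checker.

Added example for this handbook, not ActivIdentity or F5 code. All hosts,
addresses, names and the secret below are placeholders.
"""
import hashlib
import hmac
import os
import socket
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS, NAS_IDENTIFIER = 1, 2, 4, 32
HEADER = struct.Struct("!BBH")  # Code, Identifier, Length (16-byte Authenticator follows)


def _attr(atype, value):
    """Encode one attribute as Type(1) Length(1) Value."""
    if len(value) > 253:
        raise ValueError("attribute value longer than 253 bytes")
    return struct.pack("!BB", atype, len(value) + 2) + value


def encode_pap_password(secret, authenticator, password):
    """RFC 2865 section 5.2: XOR each 16-byte block with MD5(secret + previous
    ciphertext block), seeded with the Request Authenticator."""
    if len(password) > 128:
        raise ValueError("password longer than 128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out


def decode_pap_password(secret, authenticator, hidden):
    """Inverse of encode_pap_password (what the server does); strips NUL padding."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(block, key))
        prev = block
    return out.rstrip(b"\x00")


def build_access_request(secret, username, password, identifier, authenticator,
                         nas_ip="192.0.2.10", nas_id=b"bigip-apm"):
    """Return a complete Access-Request; nas_ip/nas_id stand in for the BIG-IP."""
    attrs = (_attr(USER_NAME, username.encode())
             + _attr(USER_PASSWORD, encode_pap_password(secret, authenticator, password.encode()))
             + _attr(NAS_IP_ADDRESS, socket.inet_aton(nas_ip))
             + _attr(NAS_IDENTIFIER, nas_id))
    return HEADER.pack(ACCESS_REQUEST, identifier, 20 + len(attrs)) + authenticator + attrs


def response_authenticator(secret, request_authenticator, code, identifier, attrs):
    """MD5(Code + ID + Length + RequestAuth + Attributes + Secret), RFC 2865 section 3."""
    head = HEADER.pack(code, identifier, 20 + len(attrs))
    return hashlib.md5(head + request_authenticator + attrs + secret).digest()


def check_response(secret, request_authenticator, identifier, packet):
    """Return (code, ok); ok is False for a short/malformed packet, an identifier
    mismatch, or a bad Response Authenticator (wrong secret or spoofed reply)."""
    if len(packet) < 20:
        return None, False
    code, ident, length = HEADER.unpack(packet[:4])
    if ident != identifier or length != len(packet):
        return code, False
    expected = response_authenticator(secret, request_authenticator, code, ident, packet[20:])
    return code, hmac.compare_digest(expected, packet[4:20])


def probe(server, port, secret, username, otp, timeout=5.0):
    """Send one Access-Request over UDP and return the verified reply code
    (ACCESS_ACCEPT or ACCESS_REJECT), or None on timeout or a bad authenticator."""
    identifier = os.urandom(1)[0]
    request_authenticator = os.urandom(16)
    req = build_access_request(secret, username, otp, identifier, request_authenticator)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(req, (server, port))
        try:
            data, _ = sock.recvfrom(4096)
        except socket.timeout:
            return None
    code, ok = check_response(secret, request_authenticator, identifier, data)
    return code if ok else None


if __name__ == "__main__":
    # Placeholders: 4TRESS server address, the Procedure 1 secret, an enrolled user and a current OTP.
    result = probe("10.0.0.5", 1812, b"replace-with-shared-secret", "alice", "123456")
    print({ACCESS_ACCEPT: "Access-Accept", ACCESS_REJECT: "Access-Reject"}.get(result, "no verified reply"))
```

An Access-Reject with a valid Response Authenticator means the secret and client registration are correct and only the user's credentials were refused, which is the result you want to see before testing with a real token; a RADIUS server that does not recognize the client or whose secret differs silently discards the request, so the probe times out rather than returning a reject.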

2.2 Procedure 2: Access Policy Manager Configuration

With the APM wizards, you can quickly build a simple working configuration for any of the three access types. After you create a configuration with a wizard, you can go back and edit it to customize the access policy further.
1. To access the APM wizards, in the navigation pane, expand Templates and Wizards, and then click Device Wizards.
The Network Access Setup Wizard for Remote Access configures a working VPN connection. Typically, this allows users outside your network to connect to specified networks and use their applications and network sites as if they were physically on the network.
2. Select the Network Access Setup Wizard for Remote Access option, and then click Next.
   - Specify the Policy Name for the access policy to be created. The Policy Name is also used as the naming prefix for the other objects the wizard configures with the access policy, so later, when you look for items created with the wizard, they are named with this prefix.
   - Accept the default language (English), or change it if required.
   - Select the Full Webtop 'Enabled' option.
   - Under Client Side Checks, deselect the 'Enable Antivirus Check in Access Policy' option. (At a later time, you can refine this client-side check to verify a specific antivirus product.)
3. Click Next.
4. For Authentication Options, select Use Existing.
5. For Select AAA Server, specify the 4TRESS RADIUS server that you created in Procedure 1.
6. Click Next.
Lease pools are a configuration requirement for network access connections. Each connection is assigned an IP address from the lease pool, so you must configure a lease pool with at least as many IP addresses as the number of concurrently connected users you expect to host.
   - From the drop-down list, specify the Supported IP Version (IPv4).
   - Specify your Member List (either a single IP Address or an IP Address Range).
   - Click Add once to specify an IP range, and click Add again each time you specify a different IP address or range.
7. Click Next.
8. Specify the desired Traffic Options. (If you select the option to use split tunneling, only the network traffic that you specify goes through the network access connection; all other client traffic bypasses the tunnel.)
9. Click Next.