Kerberos & MFA

[Talisker69]

Hi,
Thanks for sharing your product.
I plan to use your MFA solution, to increase the security of our F5 portal. The access if filtered only by a simple web page in https that use Kerberos authentication and ldap queries to let you get in. We re-use the kerberos token (SSO) to open session on Windows servers. Can we use your product and ADFS do the same with MFA (and keeping the SSO) ? Ideally I will use the Azure MFA Provider to avoid user to re-enroll.
Thanks in advance for your answer.

[redhook62]

I'm not sure I understood.
However, this component only works with ADFS and not with an F5, which must be able to provide you with MFA (particular option or module).

Kerberos may only be used for the ADFS authentication part, but not in the MFA.

In ADFS, it is not Kerberos but federation token (SAML2, WSFed, OIDC), each token is specific to the application which requested it. Federated SSO will work because a new request for another application will be made, and the browse will present proof of federated identity, and in this case it is ADFS which does the work of federation server.

[Talisker69]

Yes I understood that your component is a kind of plugin of ADFS. F5 portal it's just de legacy web page to authenticate users before gain access to legacy apps.
Something like this https://www.cisco.com/c/en/us/support/docs/security-vpn/kerberos/118841-configure-kerberos-00.html and off course add the MFA on the flow ...