Google Authenticator iRule Verification
Hi,
I've been following this article: https://devcentral.f5.com/articles/two-factor-authentication-with-google-authenticator-and-apm
To implement two-factor authentication with APM. After creating an access policy, data group and all the likes, I find that the APM is expecting a different code than the authenticator shows. I found out by printing the variables that I enter as a code, and the variables that the APM expects as a code, into the logs. The whole process itself works. The iRule is triggered, the username is found in the datagroup, and the calculations are made. It's just expecting a different code. For example, my code will say "781023", and the BIGIP will be expecting code "826015". I tested this with multiple different accounts and the same results all around. I'm wondering if Google just changed its algorithm a few years ago and the article became outdated, or if something in recent F5 versions has changed that changes the calculation algorithm. Has anyone done a recent implementation with this iRule without any issues? I quadruple-checked everything and added log entries to every part of the iRule. I know it's being triggered correctly, but it's just coming up with a different expected code than Google is.
In that article, there are 2 comments by people with the same issue on 11.5, so at least I'm not alone :-)