topic Re: How can I get user to type username, password and OTP when using RSA Radius 8,1 on Global Protec in General Topics

How can I get user to type username, password and OTP when using RSA Radius 8,1 on Global Protect ?

junior_r — Sat, 16 Jun 2018 04:50:26 GMT

Hi,

How can I get user to type username, password and OTP when using RSA Radius 8,1 on Global Protect ?

Portal = Radius (RSA) passes -> LDAP check

Thanks

Re: How can I get user to type username, password and OTP when using RSA Radius 8,1 on Global Protec

Remo — Sun, 17 Jun 2018 17:33:58 GMT

@junior_r

This sounds more like an issue on your RSA RADIUS server as it depends on the configuration on that server how the authentication flow should look like.

From my own experiences I know two types of authentication flows

User enters username and in the password field his OTP and also the password. This way the RADIUS server is able to check all login factors at once and returns access-accept or access-reject
User enters username and password and klicks login. Then the RADIUS server checks these credentials and if correct it sends a RADIUS access-challenge packet to the firewall which then displays a new inputfield for the OTP.

Re: How can I get user to type username, password and OTP when using RSA Radius 8,1 on Global Protec

OtakarKlier — Mon, 18 Jun 2018 13:23:30 GMT

Hello,

The way I acheived this in the past was to use different authentication methods for Portal and Gateway. I would use the Portal Radius for OTP and then LDAP for the Gateway.

Hope that helps.

Re: How can I get user to type username, password and OTP when using RSA Radius 8,1 on Global Protec

Remo — Mon, 18 Jun 2018 17:56:01 GMT

@OtakarKlier

For something like this there is also the way to configure authentication cookies. So you could configure the same RADIUS profile on the gateway without degrading the security with an authentication profile without OTP on the gateway.